audio-processing
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its handling of untrusted external inputs.
  - Ingestion points: Untrusted data enters the agent context through the `file_path`, `text`, and `ops` parameters in `tool.py`.
  - Boundary markers: The skill does not implement delimiters or specific instructions to the model to ignore potential commands embedded within audio transcripts or processed text.
  - Capability inventory: The skill has the capability to execute system commands via FFmpeg, perform file system operations (read/write), and communicate with external APIs for speech services.
  - Sanitization: While path validation exists in `validate_file_path`, it uses a blacklist of system directories (`/etc/`, `/proc/`, etc.) which may leave other sensitive user directories unprotected.
- [COMMAND_EXECUTION]: The skill executes external FFmpeg processes using `subprocess.run`. Although it uses argument lists to prevent shell-based injection, the dynamic construction of command flags from user-provided parameters like `ops` or `model` represents an attack surface for argument injection.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of FFmpeg and multiple Python dependencies such as `openai-whisper`, `gTTS`, and `librosa`. These downloads originate from well-known technology organizations and standard package registries.
Audit Metadata