openai-whisper
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the openai-whisper formula using the Homebrew package manager, a well-known and trusted service.
- [COMMAND_EXECUTION]: The skill executes the whisper command-line utility to transcribe audio files. These operations are performed locally on the user's system.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted audio data which is transcribed into text, creating a potential surface for indirect prompt injection.
  - Ingestion points: Processes local audio files (e.g., mp3, m4a) via the whisper CLI.
  - Boundary markers: None detected; transcripts are not wrapped in delimiters or safety instructions.
  - Capability inventory: Executes the whisper binary as a subprocess.
  - Sanitization: No sanitization or verification of the transcribed output is performed.
Audit Metadata