transcribe-refiner
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and process untrusted external content (captions from Zoom, YouTube, Otter.ai, etc.). This creates a surface for indirect prompt injection where malicious instructions hidden in the transcript data could attempt to influence the agent or corrupt the Topic Inventory passed to downstream skills like 'lecture-alchemist'.
- Ingestion points: File SKILL.md specifies processing for .txt, .vtt, .srt files and raw text pastes.
- Boundary markers: Absent. The instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the input data.
- Capability inventory: Limited to natural language transformation, paragraph formation, and metadata generation. It lacks the ability to execute commands, write files, or access the network.
- Sanitization: Absent. There is no mention of filtering or escaping instructions that might be contained within the input captions.
- [Metadata Poisoning] (SAFE): Metadata fields (name, description, trigger phrases) are clear and consistent with the stated purpose of text refinement.
Audit Metadata