openai-whisper
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'openai-whisper' formula using the Homebrew package manager. This is a standard installation from a well-known service provider.
- [COMMAND_EXECUTION]: The skill provides command templates to run the 'whisper' CLI tool for local audio transcription and translation.
- [PROMPT_INJECTION]: The skill processes external audio data which constitutes a surface for indirect prompt injection. 1. Ingestion points: Local audio file paths passed to the command line. 2. Boundary markers: Absent. 3. Capability inventory: Execution of local system binaries. 4. Sanitization: Absent. This risk is inherent to the primary purpose of the skill and the software source is trusted.
Audit Metadata