Skills
skills/rameerez/claude-code-startup-skills/transcribe-video/Gen Agent Trust Hub

transcribe-video

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied file paths and language codes that are interpolated into shell commands. This creates a surface for indirect prompt injection or command manipulation if arguments are not properly handled.\n
  • Ingestion points: User-provided file paths and language codes in $ARGUMENTS.\n
  • Boundary markers: None present in the command templates.\n
  • Capability inventory: The Bash tool is used to execute ffmpeg and aws CLI commands.\n
  • Sanitization: No sanitization or escaping logic is defined for the input arguments in the skill documentation.\n- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute ffmpeg and aws CLI commands to perform audio extraction and interact with AWS services. The skill employs security best practices by restricting the Bash tool to a specific whitelist of binaries and including a thorough cleanup process for temporary files and cloud resources.\n- [DATA_EXFILTRATION]: Local audio data is uploaded to an AWS S3 bucket. This involves a well-known service (AWS) and requires user-configured credentials, representing standard functionality for the intended transcription service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 08:58 AM