audio-transcriber
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted audio data.
  - Ingestion points: Audio file content is transcribed in "scripts/transcribe.py" (via the "transcribe_audio" function) and stored in "transcript_text".
  - Boundary markers: The code in "process_with_llm" uses simple Markdown dividers ("---") and a label ("Transcrição:") to separate the transcript from instructions. These markers do not include explicit instructions to the AI to ignore potentially malicious embedded content.
  - Capability inventory: The script "scripts/transcribe.py" executes shell commands via "subprocess.run" (calling "claude" and "gh") and performs file write operations in "save_outputs".
  - Sanitization: The transcribed text is not sanitized or filtered before being interpolated into the prompt for the AI model.
- [COMMAND_EXECUTION]: The script "scripts/transcribe.py" executes external command-line tools such as "claude" and "gh" (GitHub Copilot CLI) to process transcripts. It also uses "subprocess.run" to install required Python libraries ("rich", "tqdm") if they are missing at runtime.
- [EXTERNAL_DOWNLOADS]: The "scripts/install-requirements.sh" and "scripts/transcribe.py" scripts facilitate the installation of Python packages and the download of transcription models from well-known sources like PyPI and Hugging Face.
Audit Metadata