Skills
skills/sundial-org/awesome-openclaw-skills/assemblyai-transcribe/Gen Agent Trust Hub

assemblyai-transcribe

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill invokes a local script (assemblyai.mjs) using Node.js to manage transcription workflows.
  • DATA_EXFILTRATION (LOW): The skill transmits local audio and video files to the external AssemblyAI API (api.assemblyai.com). While this is the intended purpose, it involves sending data to a non-whitelisted domain.
  • PROMPT_INJECTION (LOW): The skill processes untrusted media files or URLs, creating a vulnerability to indirect prompt injection where instructions hidden in audio could be followed by the agent. Evidence Chain: 1. Ingestion points: Local file paths or remote URLs passed to the transcribe command. 2. Boundary markers: None documented in the usage instructions. 3. Capability inventory: Local file read access and network transmission (POST/GET) capabilities. 4. Sanitization: Cannot be verified as the helper script source code is not included in the skill documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 22, 2026, 05:45 AM