gemini-stt
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
transcribe.pyscript executes thegcloudCLI to manage authentication tokens and configuration. These subprocess calls are implemented securely using fixed argument lists, effectively preventing command injection risks. - [EXTERNAL_DOWNLOADS]: The skill performs HTTPS requests to transmit audio data to Google's generative language and AI platform endpoints. These operations are limited to well-known, trusted domains required for the service.
- [PROMPT_INJECTION]: The skill processes external audio data for transcription, which constitutes an indirect prompt injection surface.
- Ingestion points: Local audio files provided by the user are read and encoded in
transcribe.pyfor model processing. - Boundary markers: Instructions are provided to the model to strictly perform transcription, although the binary audio data itself does not use specific delimiters.
- Capability inventory: The skill is limited to making network requests to official APIs and retrieving local authentication; it does not possess capabilities for arbitrary code execution, file-system modification, or privileged operations based on the model's output.
- Sanitization: The audio data is treated as a raw binary source for transcription, which is standard for this type of utility.
Audit Metadata