Skills
skills/sundial-org/awesome-openclaw-skills/transcribe/Gen Agent Trust Hub

transcribe

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The installation script scripts/install.sh uses sudo to copy the transcribe wrapper to /usr/local/bin, which modifies system-level binary directories.
  • [COMMAND_EXECUTION]: The skill dynamically generates a Dockerfile and a Python script (transcribe.py) at runtime to build its execution environment.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the python:3.11-slim base image and the faster-whisper package from standard public registries.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted audio files.
  • Ingestion points: Audio files processed via transcribe.py.
  • Boundary markers: None present in the transcription output.
  • Capability inventory: Execution of shell scripts and Docker containers.
  • Sanitization: None; output text is returned to the agent without validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 03:42 PM