voice-transcribe
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The main logic for transcription (the 'transcribe' script) is referenced in the documentation but is not included in the provided skill files.- [COMMAND_EXECUTION]: The skill requires running a local script on the host machine using the 'uv' tool.- [CREDENTIALS_UNSAFE]: The setup instructions direct users to store an OpenAI API key in a local '.env' file. While standard for local tools, it is a point of manual credential handling.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through processed audio files.
- Ingestion points: Processes external audio data (e.g., WhatsApp voice memos) from various formats.
- Boundary markers: No specific delimiters or safety instructions are used to separate transcribed text from agent instructions.
- Capability inventory: The agent is instructed to respond based on the content of the transcription.
- Sanitization: No sanitization or validation of the transcribed output is performed.
Audit Metadata