Skills
skills/toolshell/skills/speech-to-text/Gen Agent Trust Hub

speech-to-text

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute infsh commands. This is used to run transcription apps, manage sessions, and process media files.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install external dependencies using npx skills add inference-sh/skills@agent-tools. It also fetches media for processing from remote URLs.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
  • Ingestion points: Processes external audio and video files provided via audio_url or video_url in the SKILL.md examples.
  • Boundary markers: No specific delimiters or safety instructions are used to separate the transcribed text from the agent's instructions.
  • Capability inventory: The infsh tool communicates with external servers and handles file outputs.
  • Sanitization: There is no evidence of sanitization or filtering applied to the transcribed output before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 12:13 PM