whisper-test
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md suggests downloading a static ffmpeg binary from an external third-party URL (https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-arm64-static.tar.xz). While commonly used in the community, it is not an official source.
- [COMMAND_EXECUTION]: The provided installation workaround uses a shell pipeline to pipe a remote download directly into tar for extraction into /usr/local/bin/. Installing unverified binaries into system directories from remote sources is a high-risk pattern.
- [PROMPT_INJECTION]: The skill processes untrusted audio data, creating a potential surface for indirect prompt injection.
- Ingestion points: transcribe.py (reads WAV files provided via command line arguments).
- Boundary markers: Absent. Transcription results are returned to the agent as raw text without delimiters or instructions to ignore embedded commands.
- Capability inventory: transcribe.py (reads local files and outputs text to the agent context).
- Sanitization: Absent. Transcribed text is not validated, escaped, or filtered before being returned.
Audit Metadata