speech-to-text
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Instructions spoken in an audio file could be transcribed and subsequently executed or obeyed by the agent because the system does not differentiate between user commands and data content.
  - Ingestion points: Transcribed text generated from audio files provided by the user as described in SKILL.md.
  - Boundary markers: Absent. The instructions do not specify any delimiters or safety prompts to treat the transcription as untrusted data.
  - Capability inventory: Shell command execution using the whisper CLI tool.
  - Sanitization: None. The skill does not implement validation, filtering, or sanitization of the transcript content before it is read by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the whisper CLI tool using parameters like the audio file path, which is derived from user input.
- [EXTERNAL_DOWNLOADS]: The prerequisites recommend installing openai-whisper via pip and ffmpeg via system package managers from their official repositories.
Audit Metadata