xiaoyuzhou-transcribe
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the 'faster-whisper' Python package from PyPI for speech-to-text processing.
- DATA_EXFILTRATION (LOW): The script performs network requests via the 'requests' library to fetch metadata and audio files from external URLs. No sensitive local file access or exfiltration of credentials was found.
- PROMPT_INJECTION (LOW): The skill has an attack surface for indirect prompt injection by ingesting untrusted data from external websites.
  1. Ingestion points: scripts/xiaoyuzhou_transcribe.py (fetches HTML from user-provided URL).
  2. Boundary markers: Absent.
  3. Capability inventory: File-write (SRT, TXT), Network read/write (requests).
  4. Sanitization: Absent.

  The risk is minimized as the data is not currently used to construct subsequent LLM prompts within the scripts.
Audit Metadata