Whisper AI Audio to Text Transcriber

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill summarizes user-provided transcripts and shows no code execution, hidden access, persistence, or data exfiltration behavior.

Safe to install for summarizing transcript text into notes and action items. Do not expect it to transcribe audio directly, and redact confidential, personal, health, financial, or credential data unless you are authorized to process it; evaluate any separate transcription service before uploading recordings.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly encourages use on meetings, interviews, phone calls, and similar transcripts, which commonly contain confidential, personal, or regulated information, but provides no privacy warning or handling guidance. This can lead users to submit sensitive data without awareness of minimization, consent, or redaction needs, increasing the risk of inadvertent data exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal