Security risk report for @forgecat/openai_skills_transcribe v0.0.10
Source Integrity
Low
Profile sourced from OpenAI's official public repository (github.com/openai/skills) with clear attribution and commit hash.
Licensed under Apache-2.0; no supply-chain red flags or suspicious upstream dependencies.
Agent Intent
Low
Content describes a legitimate audio transcription workflow with no instructions to manipulate the AI, exfiltrate data, or bypass security controls.
No prompt injection, system prompt leakage, or guidance poisoning detected; documentation focuses on proper API usage and dependency management.
Dependency recommendation (openai package) is a standard, well-known legitimate library with no typosquatting or backdoor indicators.
Details
Evidence
Workflow section outlines transparent steps: collect inputs, verify API key, run CLI, validate output.
Environment section explicitly states 'Never ask the user to paste the full key in chat' — reinforces security best practice.
No instructions to read ~/.ssh, ~/.aws, .env, or exfiltrate environment variables.
Permissions
PRM-000Medium
Profile does not declare explicit tool permissions in the profile.yml, but the markdown instructs running a bundled Python CLI (transcribe_diarize.py) with file I/O and network access (OpenAI API calls).
File write authority is scoped to output/transcribe/ directory and user-specified --out-dir, which is reasonable for a transcription tool; however, the actual CLI binary and its permissions are not visible in this review.
Details
Evidence
Workflow step 5: 'Save outputs under output/transcribe/ when working in this repo' — implies file_write capability.
CLI invocations reference --out and --out-dir flags, indicating write access to user-specified paths.
No shell_exec or arbitrary command execution declared, but Python subprocess invocation of transcribe_diarize.py is implicit.
MCP Risk
Low
No MCP servers are defined in this profile.
Transcription is performed via OpenAI's public API (gpt-4o-transcribe, gpt-4o-transcribe-diarize models) with standard HTTPS calls, not custom MCP binaries.
Details
Evidence
MCP servers section: (none).
Dependencies list only the openai Python package, a well-known public library.