voice
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection via voice commands.
- Ingestion points: Microphone audio is processed via `voice.on('speech')` and `voice.on('transcript')` handlers in `SKILL.md`.
- Boundary markers: Absent. The API documentation does not demonstrate the use of delimiters or 'ignore' instructions for transcribed text before processing.
- Capability inventory: The skill documentation lists high-impact capabilities including financial trading ('buy 100 dollars of...'), price alerts, and portfolio access.
- Sanitization: Absent. There is no evidence of validation or sanitization for the transcribed text before it is used to trigger actions.
- Data Exposure (SAFE): The skill requires environment variables such as `OPENAI_API_KEY`, but no hardcoded credentials or exfiltration logic were found.
Audit Metadata