convo-agent-skills
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill architecture is designed with security in mind, specifically regarding the handling of sensitive credentials.
- Credential Security: It implements a 'Server Key Injection' pattern (detailed in 05-agent-lifecycle.md and snippets/agent-invite-route.ts) that prevents sensitive API keys (e.g., OpenAI, Anthropic, ElevenLabs) from being exposed to the client-side code or browser.
- Trusted Service Communication: The skill communicates exclusively with official and well-known service endpoints, such as Agora's official API (api.agora.io) and established AI providers.
- Reputable Dependencies: All required dependencies, including agora-rtc-sdk-ng, agora-rtm-sdk, and agora-token, are industry-standard libraries for real-time communication.
- [PROMPT_INJECTION]: The skill provides the infrastructure to process live transcriptions, which is a known surface for indirect prompt injection.
- Ingestion points: User and assistant transcriptions are ingested through RTM and RTC data channels in useAgora-minimal.ts and conversational-ai-api.ts.
- Boundary markers: The snippets do not include explicit prompt delimiters or 'ignore' instructions for the data being processed.
- Capability inventory: The skill facilitates network operations to Agora's agent management APIs via server-side routes.
- Sanitization: Transcribed text is added to the application's global state and rendered in the user interface without specific sanitization filters.
Audit Metadata