voice-to-text

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file includes "Force Rules" (强制规则) that use strong imperative language ("必须且只能", meaning "must and may only", and "禁止使用", meaning "use is forbidden") to override the agent's tool selection logic and prevent fallback to alternatives like Whisper.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by transcribing external audio and instructing the agent to treat the output directly as user input.
      * Ingestion points: scripts/asr.py processes external audio from files, URLs, or Feishu file keys.
      * Boundary markers: Absent; the agent is explicitly told to "treat the script output... as the user's text message" without delimiters.
      * Capability inventory: The script has network access (requests) and file-read capabilities.
      * Sanitization: Absent; no filtering or validation is performed on the transcribed text before injection into the agent context.
  • [EXTERNAL_DOWNLOADS]: The skill downloads audio content from Feishu's official API (open.feishu.cn) and transmits data to Volcengine (openspeech.bytedance.com) for processing. Both are well-known or vendor-owned services.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 05:28 AM