voice-agents
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface within scripts/create_voice_agent.py. Ingestion points: Content is retrieved from Google Drive research documents and meeting transcripts, as well as via the --notes command-line argument. Boundary markers: The retrieved content is placed within <input_data> tags in the prompt, but the instructions do not explicitly direct the model to ignore any adversarial commands contained within that content. Capability inventory: The AI output is used to define the core behavior, conversation flow, and system identity for a voice agent on the ElevenLabs platform. Sanitization: No sanitization or filtering is applied to the data retrieved from Google Drive or the CLI before it is interpolated into the system prompt.
- [DATA_EXFILTRATION]: The script fetches client context and transcripts from Google Drive and transmits this data to OpenRouter and ElevenLabs to generate and configure the voice agents.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the official API endpoints of well-known services, including OpenRouter (openrouter.ai) and ElevenLabs (api.elevenlabs.io).
- [CREDENTIALS_UNSAFE]: The script scripts/create_voice_agent.py manages Google Drive authentication by storing and loading session tokens from a local file titled mycreds.txt.
Audit Metadata