podcast-generation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external data processing in the audio generation service.
- Ingestion points: In `references/code-examples.md`, the `generate_audio_narrative` function ingests bookmark titles and summaries retrieved from the database, which may originate from untrusted external sources.
- Boundary markers: Source content is interpolated directly into a multi-line f-string prompt without robust delimiters or instructions to the model to ignore embedded directives.
- Capability inventory: The skill establishes WebSocket connections to the Azure OpenAI Realtime API and processes streaming audio and transcript data.
- Sanitization: There is no evidence of validation, filtering, or escaping applied to the bookmark data before it is included in the AI prompt.
Audit Metadata