speech-use
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill does not contain instructions that attempt to override system prompts or bypass safety guidelines.
- Data Exposure & Exfiltration (SAFE): Sensitive information like API keys is managed via environment variables or Application Default Credentials. The skill only communicates with official Google Cloud endpoints and does not access sensitive local file paths.
- Obfuscation (SAFE): No obfuscated code or hidden instructions were found. Base64 encoding is used legitimately for audio data in API requests.
- Remote Code Execution (SAFE): The skill relies on standard, versioned Python packages and does not download or execute remote scripts.
- Indirect Prompt Injection (SAFE): The skill processes user-supplied text and audio but lacks exploitable capabilities that would allow an attacker to gain control via indirect injection.