voice-ai-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is educational and provides legitimate code examples for building voice applications. No malicious patterns or security violations were found.
- [PROMPT_INJECTION] (SAFE): The skill contains logic to process external audio transcripts, which represents a surface for indirect prompt injection. 1. Ingestion points:
vapi_webhook(request.json) andon_transcriptcallback in Deepgram stream. 2. Boundary markers: Absent. 3. Capability inventory: Limited to orchestration of voice interaction; no dangerous command execution or file system access is performed on the ingested data. 4. Sanitization: Not present in the code snippets. - [CREDENTIALS_UNSAFE] (SAFE): Placeholder strings like
sk-...and...are used for API keys in the examples, posing no security risk. - [DATA_EXFILTRATION] (SAFE): Network requests are directed only to trusted providers mentioned in the documentation (OpenAI, Vapi, Deepgram, ElevenLabs).
Audit Metadata