voice-audio-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection, which could allow external data to influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context via 'mcp__firecrawl__firecrawl_search' and 'mcp__ElevenLabs__speech_to_text' as specified in the tools allowed in SKILL.md.
- Boundary markers: Absent; the instructions do not provide delimiters or clear directions to ignore potential instructions embedded within external audio transcripts or web content.
- Capability inventory: The skill possesses 'Bash', 'Write', and 'Edit' capabilities (defined in SKILL.md), which provide significant system access if exploited by an indirect injection.
- Sanitization: There is no evidence of sanitization or validation of the external tool outputs within the skill's logic.
- [SAFE]: No evidence of direct prompt injection, malicious obfuscation, persistence mechanisms, or unauthorized credential access was found. The Python implementations for Biquad filters, LUFS measurement, and dynamics processing in 'references/implementations.md' are legitimate and follow industry standards for digital signal processing.
Audit Metadata