voice-note-ingest
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an "Iron Law" requiring the agent to preserve the user's "exact words" and "never paraphrase." This creates an indirect prompt injection surface where malicious instructions embedded in a voice note are stored verbatim in brain pages. Because the agent is subsequently instructed to perform an "Analysis" and "Cross-Link" entities based on this transcript, it may inadvertently execute commands contained within the untrusted text.
  - Ingestion points: External audio transcripts processed in SKILL.md.
  - Boundary markers: The transcript is placed within a "User's Words" block-quote section, but there are no negative constraints or instructions for the agent to ignore embedded commands.
  - Capability inventory: The skill has extensive file system write capabilities (writes_to several directories) and performs network-based transcription and storage operations.
  - Sanitization: The skill explicitly forbids sanitization or editing of the transcript to preserve "verbal tics" and "texture."
- [COMMAND_EXECUTION]: The skill references the execution of ffmpeg for audio segmentation and gbrain platform commands for transcription and storage. While these are part of the intended workflow, they represent execution points where potentially malicious binary data (audio files) is processed by system utilities.
Audit Metadata