wispr-analytics
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted dictation data.
- Ingestion points: `scripts/extract_wispr.py` extracts dictation text (`formattedText`, `asrText`) from the local database at `~/Library/Application Support/Wispr Flow/flow.sqlite`.
- Boundary markers: The analysis templates in `references/analysis-prompts.md` do not utilize delimiters (e.g., triple backticks) or specific instructions to the agent to disregard commands potentially embedded within the dictation samples.
- Capability inventory: The skill is capable of executing its own Python extraction script and writing results to a markdown file on the local filesystem.
- Sanitization: No sanitization or escaping of the user-provided dictation text is performed before it is interpolated into the analysis prompts.