azure-ai-voicelive

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of azure-ai-voicelive. This is not a standard or widely documented official Microsoft Azure SDK package for Python (standard packages use azure-cognitiveservices-speech or azure-ai-openai), suggesting it could be an unverifiable dependency or a potential typosquatting risk.
  • PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The skill's architecture for processing live audio and executing tools creates a surface for indirect prompt injection.
      • Ingestion points: Untrusted audio data is ingested into the session context via conn.input_audio_buffer.append in SKILL.md.
      • Boundary markers: There are no boundary markers or delimiters defined in the instructions to separate audio input from system-level commands.
      • Capability inventory: The skill enables high-impact capabilities including function calling (tools in SessionResource) and session updates.
      • Sanitization: The provided documentation and code do not include mechanisms for sanitizing the audio stream or its transcript before it influences model responses.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:39 PM