deepgram-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Potential surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Transcription text is ingested via the `results.channels[].alternatives[].transcript` field in `examples/fastapi/main.py`, `examples/express/src/index.js`, and `examples/nextjs/app/webhooks/deepgram/route.ts`.
  - Boundary markers: Absent; no instructions or delimiters are provided to the agent to treat this data as untrusted or to ignore embedded instructions.
  - Capability inventory: The provided code primarily logs the transcript and returns a success response. No high-risk functions like `eval()`, `exec()`, or subprocess calls are used with the untrusted data.
  - Sanitization: No sanitization, escaping, or validation is performed on the `transcript` field before logging or processing.