livekit-agents
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes an agent framework with a surface for indirect prompt injection.
  - Ingestion points: Agents ingest untrusted data from audio (STT), text chat, and video frames (references/multimodality.md).
  - Boundary markers: Documentation recommends structured prompting but does not specify technical delimiters to isolate user input.
  - Capability inventory: Agents possess capabilities including HTTP tool calling, subprocess management, and MCP tool discovery (references/logic-and-structure.md).
  - Sanitization: No security-specific sanitization is described for user-provided content.
- [EXTERNAL_DOWNLOADS]: The skill references external resources from well-known sources, including the shadcn registry and MCP servers for tool discovery.
- [COMMAND_EXECUTION]: The documentation includes CLI commands for deployment and administrative tasks, which represent significant system capabilities.