voice-ai-development
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill documents patterns for agents that ingest untrusted user audio and webhook data, which are then passed to LLMs with tool-calling capabilities. * Ingestion points: input_audio_buffer.append in the OpenAI example and request.json in the Vapi webhook example. * Boundary markers: Absent in the example system prompt templates. * Capability inventory: The templates include tool/function calling (e.g., get_weather, check_order) which can have external side effects. * Sanitization: No sanitization or validation of the untrusted inputs is shown.
- [Credentials Unsafe] (INFO): Common credential markers like 'sk-...' and 'api_key' are present, but they are used as clearly marked documentation placeholders rather than hardcoded secrets.
Audit Metadata