transcript-to-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted transcript data without using boundary markers or sanitization.
- Ingestion points: The `rawTranscript` variable in `index.ts` is passed directly from user input (or CLI arguments) into the LLM prompt.
- Boundary markers: No delimiters (e.g., triple quotes or XML tags) or 'ignore embedded instructions' warnings are used to separate the system prompt from the user-provided transcript.
- Capability inventory: The skill only returns a structured JSON object and does not possess capabilities for file writing, command execution, or non-API network operations, which limits the impact of a successful injection.
- Sanitization: No filtering or validation is performed on the input transcript to detect or neutralize malicious instructions.
Audit Metadata