deepgram-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill metadata requests broad, wildcard permissions for kubectl and curl. While these tools are relevant for cloud migration and API testing, the unrestricted access (*) allows an agent to perform any operation on the connected Kubernetes cluster or network environment.
  • [PROMPT_INJECTION]: The provided adapter patterns process external audio data from URLs and buffers into text transcripts, creating an indirect prompt injection surface. If the resulting transcripts are used by an LLM in downstream tasks, malicious content embedded in the audio could influence the agent's behavior.
    • Ingestion points: The transcribe and transcribeFile methods in adapters/deepgram-adapter.ts and adapters/aws-transcribe-adapter.ts take external URLs and audio buffers as input.
    • Boundary markers: The implementation lacks delimiters or instructions that distinguish the untrusted transcript content from system instructions.
    • Capability inventory: The skill enables high-privilege tools, including kubectl and curl, which increases the potential impact of an injection.
    • Sanitization: No logic is provided to sanitize or validate the content of the generated transcripts before they are processed further.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 11:55 AM