skills/jeremylongshore/claude-code-plugins-plus-skills/deepgram-performance-tuning/Gen Agent Trust Hub
deepgram-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external audio files and URLs to generate transcripts, creating a surface for indirect prompt injection where malicious instructions embedded in audio could influence the agent's behavior.\n
- Ingestion points: Processes audio data from remote URLs (audioUrls in lib/parallel-transcription.ts) and local files (filePath in lib/streaming-transcription.ts).\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided implementation examples.\n
- Capability inventory: The skill frontmatter defines high-privilege tool access, including Bash, Write, and Edit, which could be exploited if an injection attack succeeds.\n
- Sanitization: No logic is included for sanitizing or filtering transcripts before they are returned to the agent context.
Audit Metadata