deepgram-sdk-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration techniques were detected in the provided code patterns or instructions.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Deepgram SDKs from standard registries (npm and PyPI). These are well-known, trusted packages for speech-to-text and text-to-speech services.
- [CREDENTIALS_UNSAFE]: The skill correctly demonstrates using `process.env.DEEPGRAM_API_KEY` and `os.environ["DEEPGRAM_API_KEY"]` for secret management, avoiding hardcoded credentials.
- [COMMAND_EXECUTION]: The skill demonstrates standard file system operations (reading and writing audio files) and network requests to the Deepgram API via its official SDK. No arbitrary command execution was found.
- [INDIRECT_PROMPT_INJECTION]: While the skill involves processing audio data that could theoretically contain malicious instructions (indirect prompt injection), the patterns provided are standard for data processing and do not introduce unique vulnerabilities. The risk is considered low and inherent to the nature of AI-driven transcription services.
Audit Metadata