twinmind-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to the legitimate TwinMind API (`api.twinmind.com`) for health checks and transcription. It also includes functionality in `references/implementation.md` to fetch audio data from arbitrary URLs for the purpose of content hashing and transcription.
- [COMMAND_EXECUTION]: The skill utilizes the `fluent-ffmpeg` Node.js library in `references/implementation.md` to process audio files. This involves executing the `ffmpeg` system binary to perform operations like noise reduction, normalization, and format conversion.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its audio transcription workflow.
  - Ingestion points: Untrusted audio data enters the agent context via URLs processed in the `transcribeWithCache` function in `references/implementation.md`.
  - Boundary markers: There are no explicit delimiters or protective instructions provided to prevent the agent from following commands that might be present in the resulting transcript.
  - Capability inventory: The skill utilizes network access (`fetch`, `curl`), file operations (`Read`, `Write`, `Edit`), and shell execution via FFmpeg.
  - Sanitization: The implementation does not show any sanitization or validation of the transcribed text before it is returned to the agent context.
Audit Metadata