Skills
NYC
skills/martinholovsky/claude-skills-generator/web-audio-api/Gen Agent Trust Hub

web-audio-api

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The useSpeechRecognition function captures audio input and converts it to a text transcript. If this transcript is subsequently passed to an LLM without proper delimiting or sanitization, it could serve as a vector for indirect prompt injection.
  • Ingestion points: recognition.value.onresult in references/advanced-patterns.md.
  • Boundary markers: None present.
  • Capability inventory: The skill itself performs audio processing and browser-based speech-to-text; it does not contain file system or shell execution capabilities.
  • Sanitization: No filtering or escaping of the resulting transcript is performed.
  • [Data Exposure & Exfiltration] (SAFE): The createReverb function uses fetch() to retrieve audio impulse responses. While this accesses the network, it is a standard part of the Web Audio API workflow for convolution effects and does not target sensitive data or credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:07 PM