talk
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted voice data to drive sensitive system actions.
- Ingestion points: Untrusted input is captured via the
listen()function as described in the flow ofSKILL.md. - Boundary markers: No technical delimiters or instructions to ignore embedded commands are present in the processing flow.
- Capability inventory: The skill directs the agent to edit files, run system commands, and utilize sensitive tools like
screen_capture()andlist_windows(). - Sanitization: There is no automated sanitization of input, but the skill includes a human-in-the-loop requirement for verbal confirmation before any system changes are committed.
Audit Metadata