spectacles-ai
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for processing Speech-to-Text (ASR) and camera frame data, which are then passed to external LLMs, creating an indirect prompt injection attack surface.\n
- Ingestion points: ASR transcription updates and camera texture capture in
SKILL.mdandreferences/rsg-asr-patterns.md.\n - Boundary markers: The reference snippets do not include specific delimiters or instructions to the model to ignore embedded commands within the user-provided data.\n
- Capability inventory: Uses platform-specific modules
RemoteServiceModule(Network),AsrModule(Microphone), andCameraModule(Camera).\n - Sanitization: The skill documents remediation strategies, including the use of hard iteration caps for agentic loops and trimming of message history.
Audit Metadata