voice-agents
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Finding tags: PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate documentation and integration examples for Sarvam AI voice services. It correctly advises the use of environment variables for API keys and secrets, avoiding hardcoded credentials.
- [PROMPT_INJECTION]: The skill architecture involves processing untrusted voice input which is then transcribed and passed to an LLM. This is a standard architecture for voice agents but constitutes a surface for indirect prompt injection where a user might attempt to override system instructions through speech.
  - Ingestion points: User voice input is captured via transport layers defined in SKILL.md and references/pipecat.md.
  - Boundary markers: System prompts (e.g., 'You are a helpful customer service agent') are used but do not incorporate explicit delimiters to isolate untrusted user content.
  - Capability inventory: The skill demonstrates the use of function calling (tools) for actions like booking appointments or checking balances, which could be targeted by injection attacks.
  - Sanitization: The examples do not include explicit sanitization of transcribed text before it is passed to the LLM.
Audit Metadata