groq-inference
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data such as user-defined prompts and external image URLs, which are directly interpolated into Groq API requests. This creates a potential surface for indirect prompt injection where instructions embedded in the data could influence the agent's behavior.
- Ingestion points: Data enters the agent context through the prompt and image_url parameters used in SKILL.md, templates/groq-client.py, and reference/vision-multimodal.md.
- Boundary markers: The provided code examples lack explicit delimiters or system instructions to isolate data from model instructions.
- Capability inventory: The skill facilitates network communication with the Groq API and performs file system read operations for processing audio and image data.
- Sanitization: No validation or sanitization mechanisms are implemented for the external data passed to the inference models.
Audit Metadata