azure-ai-voicelive-py
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions require the package azure-ai-voicelive, which is a community-sourced library rather than an official verified SDK from Microsoft. This introduces potential supply chain risks associated with unverifiable third-party dependencies.
- [PROMPT_INJECTION]: The skill's design is susceptible to indirect prompt injection through its handling of live audio data.
  - Ingestion points: Untrusted audio data is ingested through the input_audio_buffer and converted to text transcripts which are then processed within the main event loop in SKILL.md.
  - Boundary markers: The code examples do not demonstrate the use of delimiters or specific instructions to the model to ignore commands embedded within the transcribed audio content.
  - Capability inventory: The agent is configured with high-impact capabilities, including function calling (e.g., get_weather) and session state updates (conn.session.update), which could be manipulated by hidden instructions in the audio stream.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the transcribed text before it influences the agent's decision-making process or tool execution.
Audit Metadata