voice-ai-development
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via the Vapi webhook (
request.jsoninSKILL.md) and Deepgram transcription events (result.channel.alternatives[0].transcriptinSKILL.md). - Boundary markers: No explicit delimiters or 'ignore instructions' markers are implemented to separate processed user transcripts from the agent's internal instructions.
- Capability inventory: The skill interacts with external network services including OpenAI Realtime API, Vapi agents, Deepgram, and ElevenLabs synthesis.
- Sanitization: Transcribed text and webhook payloads are processed directly without escaping or validation.
Audit Metadata