tavus-cvi-interactions
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill loads the
daily-jslibrary fromunpkg.com. While unpkg is a standard CDN, the organizationdaily-cois not on the pre-approved trusted source list. The severity is downgraded to LOW as this dependency is essential for the skill's primary purpose of WebRTC communication. - [PROMPT_INJECTION] (LOW): The skill provides explicit capabilities for Indirect Prompt Injection through context manipulation.
- Ingestion points: Data enters the agent context via the
app-messageevent listener and theproperties.textfields inechoorrespondmethods. - Boundary markers: Absent. There are no shown delimiters or instructions to ignore embedded commands when updating context via
overwrite_contextorappend_context. - Capability inventory: The skill can trigger audio speech (
echo), interrupt the replica, and modify the underlying LLM context. - Sanitization: Absent. The provided snippets do not demonstrate any filtering or validation of the input strings before they are sent to the CVI backend.
Audit Metadata