deepgram
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by converting untrusted audio into text intended for LLM consumption. Malicious spoken instructions could potentially influence the agent. Ingestion points: audioStream and file buffers in SKILL.md. Capability inventory: Transcription and basic logging. Boundary markers and sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: References installation of official libraries (@deepgram/sdk and deepgram-sdk) from well-known registries.
- [COMMAND_EXECUTION]: Examples show legitimate file reading and network communication for transcription services.
- [CREDENTIALS_UNSAFE]: Correctly uses environment variables for storing and accessing API keys.
Audit Metadata