streaming-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Prompt Injection (HIGH): The skill creates a significant vulnerability to indirect prompt injection via its real-time multimodal input processing design.
  - Ingestion points: examples/video-agent.py utilizes cv2.VideoCapture to ingest video or camera feeds, while examples/voice-agent.py and templates/liverequest-queue.py ingest live audio chunks directly into the agent context.
  - Boundary markers: Absent. There are no instructions to the model to ignore embedded commands within the multimodal stream, and the data is not delimited to distinguish it from system instructions.
  - Capability inventory: The SKILL.md frontmatter explicitly allows the Bash, Read, and Write tools. This high-privilege toolset creates a path for remote command execution if a multimodal injection successfully influences the model.
  - Sanitization: Absent. Multimodal data is passed directly from capture interfaces (OpenCV, microphone) to the LiveRequestQueue without any filtering, validation, or sanitization layers.
- Dynamic Execution (LOW): The script scripts/check-modality-support.py uses __import__ to verify module availability, but since the module names are sourced from a hardcoded dictionary rather than user input, the risk is negligible.
- External Downloads (LOW): The skill instructions suggest installing standard packages like google-adk and opencv-python. These are verifiable packages from trusted repositories and do not constitute a high-risk finding.
Recommendations
- AI detected serious security threats
Audit Metadata