create-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The references/hooks.md file describes a feature where hooks can generate AI messages based on the {{transcript}} variable. This creates a surface for indirect prompt injection where a caller could attempt to influence the assistant's behavior through their spoken input.
- Ingestion points: {{transcript}} variable in hook prompt definitions in references/hooks.md.
- Boundary markers: None shown in example configurations.
- Capability inventory: Hooks can trigger call transfers, end calls, and execute custom functions via external webhooks (e.g., log_event and report_error).
- Sanitization: Documentation does not specify sanitization or escaping of the transcript content before interpolation.
Audit Metadata