voice_command_to_skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection: it takes raw ASR transcripts and inserts them into prompt templates that drive subsequent actions.
  - Ingestion points: Raw speech-to-text transcripts are processed in the voice_command_to_skill workflow to determine intent and fill parameters.
  - Boundary markers: Prompt templates such as 'The user said: {transcript}' lack explicit delimiters or instructions to disregard potentially malicious commands within the transcript.
  - Capability inventory: The router triggers downstream skills with significant capabilities, such as file-system writes (export_experiment_data_to_excel), video analysis, and data extraction.
  - Sanitization: No input validation or filtering is documented to protect against malformed or malicious transcripts before they are used in instructions for subsequent skill calls.
Audit Metadata