walkie-talkie
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through audio transcription.
  - Ingestion points: External audio files from WhatsApp are transcribed via Whisper, and the resulting text in /tmp/in.txt is treated as the user's real input as described in SKILL.md.
  - Boundary markers: Absent; the skill instructions do not use delimiters or safety instructions to separate transcribed content from system commands.
  - Capability inventory: The agent has access to ffmpeg, whisper, and messaging tools to send files.
  - Sanitization: There is no evidence of sanitization or validation of the transcribed text before it is processed as an instruction.
- [COMMAND_EXECUTION]: The skill relies on executing local system commands (ffmpeg and whisper) to perform its primary tasks. It requires shell access to run these utilities and permissions to read/write in the /tmp directory as shown in the internal manual commands section of SKILL.md.
Audit Metadata