nova-sonic-voice-agent
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructional code and patterns for building a voice agent. All referenced Python packages are standard libraries or official SDKs for the described services.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install standard packages from official registries (PyPI) and refers to official Amazon Bedrock documentation. These are trusted sources and do not escalate the security risk.
- [COMMAND_EXECUTION]: The skill includes boilerplate code for a FastAPI server. It uses
allow_origins=["*"]in its CORS configuration, which is a standard pattern for local development templates to ensure connectivity, though it should be tightened for production use. - [PROMPT_INJECTION]: As an agent creation template, the resulting application will ingest user-provided audio and text. This creates a surface for indirect prompt injection common to all LLM applications, but the skill itself does not contain malicious injection patterns.
Audit Metadata