medspeak-knowledge-graph-aided-asr

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions provide a prompt template in Step 8 that interpolates untrusted data from audio transcriptions and user questions directly into the LLM instructions. The template lacks boundary markers (e.g., delimiters like XML tags or triple quotes) to separate data from instructions, which is a standard pattern vulnerable to indirect prompt injection.
  • Ingestion points: SKILL.md (Step 8 prompt construction using noisy_transcript, question, and options variables).
  • Boundary markers: None identified in the prompt template to isolate untrusted input.
  • Capability inventory: The pipeline involves file system operations (SQLite database creation and JSONL writing) and LLM inference.
  • Sanitization: The provided Python snippets do not include logic for sanitizing or escaping the input strings before prompt interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 03:53 AM
Security Audit — agent-trust-hub — medspeak-knowledge-graph-aided-asr