syncfusion-vue-speech-to-text
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install official packages from the @syncfusion scope on the npm registry, which are legitimate vendor resources.
- [COMMAND_EXECUTION]: The setup instructions include standard CLI commands like npm install and npm run dev for project configuration and development.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing external voice input. If the resulting transcriptions are used to drive agent actions without sanitization, malicious spoken commands could be used to manipulate behavior. 1. Ingestion points: The transcript property (references/speech-recognition.md) and transcript-changed event (references/events.md). 2. Boundary markers: Absent in implementation examples. 3. Capability inventory: Component focuses on transcription but text is often passed to other logic. 4. Sanitization: Absent in implementation examples.
Audit Metadata