voweldocs
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes several Node.js dependencies for voice processing and UI rendering, including @vowel.to/client and @ricky0123/vad-web. It also provides examples for using the vendor's web component via the unpkg.com CDN for frameworks with limited JavaScript runtimes.\n- [DATA_EXFILTRATION]: In line with its purpose as a cloud-based voice assistant, the skill handles authentication credentials (appId, JWT) and transmits audio data to the Vowel realtime API. These operations are restricted to the vendor's own infrastructure and are standard for this type of integration.\n- [PROMPT_INJECTION]: The skill implements a surface for indirect prompt injection by ingesting documentation content to support its voice-based navigation and summarization features.\n
- Ingestion points: The extractPageContent function in voice-widget-init.ts reads headings and paragraphs directly from the page DOM to provide context to the agent.\n
- Boundary markers: Absent. No specific delimiters or safety warnings are wrapped around the ingested page content before it is processed.\n
- Capability inventory: The agent has the ability to perform client-side navigation using the Astro router and browser history API via tools like astroNavigate and browserHistory.\n
- Sanitization: No explicit sanitization or filtering of the extracted page content is performed before it is passed to the agent.
Audit Metadata