voice-call
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides actions that transmit text messages to external recipients, creating a surface for indirect prompt injection.
- Ingestion points: The
messageparameter ininitiate_callandspeak_to_user(SKILL.md). - Boundary markers: None present in the tool's interaction logic.
- Capability inventory: Initiates outbound calls via Twilio, Telnyx, or Plivo, which could be used for automated social engineering.
- Sanitization: Input sanitization is not specified in the skill definition.
- [SAFE]: The skill defines configuration requirements for third-party providers (Twilio, Telnyx, Plivo) without hardcoding actual credentials.
- [SAFE]: All CLI commands and tool actions are consistent with the skill's stated purpose and do not perform unauthorized system actions.
Audit Metadata