make-phone-call
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The script
scripts/make_call.jsuses a template placeholder{{API_SECRET}}for the Twilio Auth Token instead of an environment variable. This pattern indicates the agent is expected to perform string replacement to inject the actual secret into the source code before execution, causing sensitive credentials to be written to the file system in plain text. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (specifically TwiML Injection). In
scripts/make_call.js, themessagevariable derived from user input is interpolated directly into an XML TwiML string (<Response><Say>${message}</Say></Response>) without escaping or sanitization. An attacker could provide a message such as</Say><Record/><Say>to terminate the intended command and execute unauthorized telephony actions like recording the recipient. - Ingestion points:
message_textparameter inSKILL.md(passed toscripts/make_call.js). - Boundary markers: None present.
- Capability inventory: Initiates outbound telephony via Twilio API.
- Sanitization: None detected.
- [EXTERNAL_DOWNLOADS]: The skill installs the
twiliolibrary from the public NPM registry. While this is a well-known service and a legitimate dependency for the skill's purpose, it involves downloading external code at runtime. - [COMMAND_EXECUTION]: The skill executes shell commands to install dependencies (
npm install twilio) and runs a local JavaScript file using the Node.js runtime (node make_call.js).
Recommendations
- AI detected serious security threats
Audit Metadata