The Agent Skills Directory

Indirect Prompt Injection (MEDIUM): The skill provides an interface for the agent to process and act upon untrusted data from external telephony calls.
Ingestion points: The handleCallback method in SKILL.md processes a requestBody from webhook events. The skill also consumes speech and DTMF inputs via the callMedia.startRecognizing method.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the recognized speech or DTMF data are present in the documentation examples.
Capability inventory: The skill allows for significant side-effect actions including initiating calls (createCall), transferring participants (transferCall), recording interactions (startRecording), and writing files to the local system (downloadTo).
Sanitization: The provided examples lack logic for sanitizing or validating the contents of the parsed telephony events or recognition results before they are used to drive application logic.
External Downloads (LOW): The skill depends on com.azure:azure-communication-callautomation (v1.6.0) as documented in SKILL.md. Since the azure organization is a trusted source, the severity of the external dependency download is downgraded to LOW per the trust-scope rule.

azure-communication-callautomation-java