telephony
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill script makes outbound network requests to the Twilio (api.twilio.com), Bland.ai (api.bland.ai), and Vapi (api.vapi.ai) APIs to provide telephony and AI voice capabilities.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of external data.
- Ingestion points: Inbound SMS messages are retrieved from the Twilio REST API via the twilio-inbox command in scripts/telephony.py.
- Boundary markers: None are present; message contents are returned as raw strings to the agent context.
- Capability inventory: The script includes tools for sending SMS, making direct phone calls, and triggering conversational AI voice calls via external providers.
- Sanitization: External message content is processed and displayed without specific sanitization or escaping mechanisms.
Audit Metadata