agentphone
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The documentation provides numerous curl examples for interacting with the api.agentphone.to endpoint. These are standard API interaction patterns and are intended for authenticated resource management (agents, numbers, calls).
- [PROMPT_INJECTION]: The skill inherently processes external data (voice transcripts and SMS) which serves as an indirect prompt injection surface. The examples show this data being interpolated into LLM prompts.
  - Ingestion points: External telephony data enters the context via webhook payloads described in SKILL.md.
  - Boundary markers: The provided code examples do not implement specific boundary markers or 'ignore' instructions for the telephony content.
  - Capability inventory: The skill allows for placing outbound calls, sending SMS, and potentially calling external tools (as shown in the tool-calling examples).
  - Sanitization: The examples do not show explicit sanitization of transcript content before prompt interpolation.
- [DATA_EXFILTRATION]: The skill requires an API key for operations. It includes explicit security rules that instruct the agent to never transmit the key to any domain other than the official api.agentphone.to domain, mitigating risks of credential leakage.
Audit Metadata