voice-call
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted text input through the 'message' parameter, creating a vulnerability surface. \n
- Ingestion points: 'message' argument in 'initiate_call', 'continue_call', and 'speak_to_user' actions in SKILL.md.\n
- Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the message body.\n
- Capability inventory: Outbound telephony via CLI (Twilio, Telnyx, Plivo), enabling external communication with real-world side effects.\n
- Sanitization: Absent; the skill does not define any filtering, escaping, or validation of the message content before it is transmitted.\n- [Command Execution] (LOW): The skill facilitates the execution of the 'openclaw' binary on the host system. While this is the intended mechanism for the plugin, it involves the agent invoking system shell commands to perform telephony operations.\n- [Data Exposure] (INFO): The documentation mentions configuration keys for sensitive credentials (e.g., 'accountSid', 'authToken', 'apiKey'), but no actual secrets or hardcoded credentials are found within the file.
Audit Metadata