telnyx-numbers-java
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes the official 'com.telnyx.sdk:telnyx' Java library for its operations, which is consistent with the stated author and purpose.\n- [SAFE]: Credentials are handled securely by loading them from environment variables via 'TelnyxOkHttpClient.fromEnv()', avoiding hardcoded secrets.\n- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (IPI) as it ingests and processes untrusted data from the Telnyx API.\n
- Ingestion points: Text fields such as 'body' in 'client.comments().list()' and 'customerReference' in various retrieval operations (SKILL.md).\n
- Boundary markers: The skill instructions do not provide delimiters or specific guidelines to help the agent distinguish between its instructions and the data retrieved from the API.\n
- Capability inventory: The skill enables the agent to perform actions like searching for, ordering, and configuring phone numbers.\n
- Sanitization: No explicit sanitization or validation of the API-provided strings is documented before the agent processes them.
Audit Metadata