telnyx-numbers-services-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official
telnyxpackage via npm. This is the standard library provided by the vendor for interacting with their API services. - [CREDENTIALS_UNSAFE]: The examples demonstrate secure credential management by utilizing
process.env['TELNYX_API_KEY']instead of hardcoding sensitive API keys directly in the code. - [DATA_EXFILTRATION]: Network activity is restricted to the official Telnyx API endpoints as implemented in the SDK. There are no patterns suggesting unauthorized data exfiltration to third-party domains.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves structured data from the Telnyx API which could theoretically contain attacker-controlled content if the account is compromised.
- Ingestion points: API response data from methods like
client.channelZones.list()andclient.dynamicEmergencyAddresses.list()(SKILL.md). - Boundary markers: Not present in the provided JavaScript examples.
- Capability inventory: The skill is limited to API interactions and console logging; it lacks capabilities for file system modification, arbitrary command execution, or non-vendor network requests.
- Sanitization: No explicit sanitization is shown in the examples, which is typical for SDK documentation, but the data is handled as structured objects.
Audit Metadata