telnyx-video-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `telnyx` package via npm. This is the official SDK provided by the vendor (team-telnyx) for interacting with their services.
- [CREDENTIALS_UNSAFE]: The documentation includes a hardcoded example of a refresh token in the `refreshClientToken` section. This is an expired JWT (exp: 1590010143) used solely for illustrative purposes in the SDK documentation.
- [PROMPT_INJECTION]: The skill provides functions to retrieve dynamic content from external APIs, such as room participant lists and room recordings. This establishes a surface for indirect prompt injection.
  - Ingestion points: Data enters the context through methods like `client.roomParticipants.list()` and `client.rooms.sessions.retrieve()` in `SKILL.md`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the documentation.
  - Capability inventory: The skill includes state-changing capabilities such as `client.rooms.delete()`, `client.rooms.sessions.actions.kick()`, and `client.rooms.sessions.actions.mute()` in `SKILL.md`.
  - Sanitization: No explicit sanitization or validation of the API-returned data is shown in the examples.
Audit Metadata