telnyx-voice-advanced-curl
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides examples of using the standard
curlutility to interact with REST APIs. This is consistent with the skill's stated purpose as a developer tool for call control. - [DATA_EXFILTRATION]: The skill demonstrates network operations targeting
api.telnyx.com. These are legitimate communications with the vendor's official API infrastructure. - [PROMPT_INJECTION]: The skill describes webhook event processing where external data (such as DTMF digits or client state strings) is ingested into the agent's context. This represents a potential surface for indirect prompt injection if the agent interprets this data as instructions.
- Ingestion points: Webhook payload fields documented in
SKILL.md(e.g.,data.payload.client_state,data.payload.digit). - Boundary markers: None specified in the documentation.
- Capability inventory: Subprocess execution via
curlfor API actions. - Sanitization: No explicit sanitization or validation of webhook content is described in the reference material.
Audit Metadata