telnyx-voice-gather-ruby
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official 'telnyx' Ruby gem to interact with Telnyx APIs. All network operations are directed at the service's own infrastructure.
- [CREDENTIALS_UNSAFE]: The skill correctly recommends using environment variables for managing sensitive API keys instead of hardcoding them.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were detected. Data processed by the skill is limited to call control parameters and interaction results sent to or received from the Telnyx service.
- [COMMAND_EXECUTION]: No suspicious shell command execution was found. The only shell command mentioned is the standard installation of the official SDK via 'gem install'.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, specifically webhook payloads containing caller input (DTMF digits and speech transcripts). This constitutes a surface for Indirect Prompt Injection.
  - Ingestion points: The skill reads the request body in the webhook handler and processes fields like 'data.payload.digits' and 'data.payload.result'.
  - Boundary markers: Not explicitly shown in the code snippets.
  - Capability inventory: The skill can send messages and initiate call actions via the client object.
  - Sanitization: The skill explicitly demonstrates and recommends webhook signature verification using Ed25519 signatures, which ensures the authenticity of the data source.