telnyx-voice-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the official 'telnyx' Node.js package from the npm registry for its core functionality.
- [PROMPT_INJECTION]:
  - Ingestion points: Untrusted data enters the agent's context through webhook payloads (documented in 'SKILL.md' and 'references/api-details.md'), specifically through fields like 'client_state', 'custom_headers', and 'sip_headers'.
  - Boundary markers: No explicit boundary markers or delimiters are used in the provided instructions to isolate external webhook data from the agent's internal reasoning or to warn the agent to ignore embedded instructions.
  - Capability inventory: The skill provides the agent with the ability to execute sensitive telephony actions including dialing outbound calls, answering inbound calls, and bridging or transferring active call sessions.
  - Sanitization: The skill documentation does not describe any sanitization, filtering, or strict schema validation for the data received from external webhook events.
Audit Metadata