The Agent Skills Directory

[SAFE]: The skill provides documentation and SDK examples for interacting with the Telnyx voice platform. No malicious instructions, obfuscation, or unauthorized access patterns were detected.
[EXTERNAL_DOWNLOADS]: Recommends installing the telnyx Node.js package. As this is the official SDK for the platform, it is considered a safe and expected dependency.
[DATA_EXFILTRATION]: Demonstrates accessing credentials via process.env['TELNYX_API_KEY'], which aligns with security best practices for avoiding hardcoded secrets.
[COMMAND_EXECUTION]: Includes a robust example for verifying Ed25519 signatures on incoming webhooks to prevent spoofing and ensure that only authorized events from the provider trigger local logic.
[PROMPT_INJECTION]: Identified a potential surface for indirect prompt injection via the call transcription service.
Ingestion points: The transcription_text field in the callRecordingTranscriptionSaved webhook payload (SKILL.md).
Boundary markers: None provided in the sample code snippets.
Capability inventory: The skill provides tools for call control, media playback, and messaging.
Sanitization: The skill demonstrates webhook signature verification but does not show sanitization of the transcription content itself, which is a common pattern for SDK documentation.

telnyx-voice-media-javascript