telnyx-oauth-ruby
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill adheres to security best practices by utilizing environment variables (
ENV["TELNYX_API_KEY"]) for credential management instead of hardcoding sensitive information. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the official
telnyxRuby gem. This is a recognized vendor-owned package necessary for the skill's stated purpose of interacting with the Telnyx API. - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it retrieves and displays data from external API endpoints (e.g.,
client.oauth_clients.list). - Ingestion points: Data entering the agent via Telnyx API responses (SKILL.md).
- Boundary markers: Not present; the skill outputs raw API responses.
- Capability inventory: The skill performs network operations via the SDK but lacks dangerous capabilities like local file writes or arbitrary subprocess execution.
- Sanitization: No explicit sanitization of API data is observed in the examples.
- This finding is classified as low risk and is a standard characteristic of API-driven skills.
Audit Metadata