telnyx-twilio-migration
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates a multi-phase migration workflow by executing bundled shell scripts including run-discovery.sh, migration-state.sh, and run-validation.sh.
- [COMMAND_EXECUTION]: Performs autonomous modifications to the user's project files during Phase 4 to transform Twilio-specific API calls, imports, and logic into Telnyx-compatible implementations.
- [EXTERNAL_DOWNLOADS]: Downloads and installs the official telnyx SDK and related libraries from public registries such as PyPI, NPM, and RubyGems during the setup phase. These are well-known vendor resources.
- [CREDENTIALS_UNSAFE]: Collects a Telnyx API key from the user to verify account balance and execute integration tests. This sensitive credential is used to authenticate requests to api.telnyx.com.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests and processes an entire codebase autonomously. Malicious instructions embedded in comments within the user's source code could potentially attempt to subvert the transformation logic. 1. Ingestion points: The entire project root directory is scanned and modified (SKILL.md, run-discovery.sh). 2. Boundary markers: Absent. 3. Capability inventory: File system write access, arbitrary command execution via bundled scripts, and network access to vendor APIs. 4. Sanitization: Absent.
Audit Metadata