telnyx-voice-gather-python
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install the 'telnyx' Python package. This is the official SDK provided by the vendor (Telnyx) and is considered a trusted dependency.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by processing audio and speech input from external callers through AI assistant and gathering functions.
- Ingestion points: Caller speech and DTMF inputs are processed via 'gather_using_ai' and 'gather_using_speak' functions in SKILL.md.
- Boundary markers: The provided code examples do not include explicit boundary markers or instructions to ignore embedded commands within the voice input.
- Capability inventory: The skill has the capability to manage voice calls, add messages to AI conversation history, and control assistant behavior.
- Sanitization: There is no evidence of input sanitization or validation for the gathered speech-to-text results in the basic examples provided.
Audit Metadata