telnyx-webrtc-client-react-native
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes official vendor resources and recognized libraries including @telnyx/react-voice-commons-sdk, @react-native-firebase/messaging, and @react-native-async-storage/async-storage.
- [SAFE]: All authentication examples use non-functional placeholders for SIP credentials and JWT tokens, preventing accidental exposure of real secrets.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface related to data ingestion. 1. Ingestion points: The skill processes external data via TelnyxVoiceApp.handleBackgroundPush (FCM/APNs payloads). 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided examples. 3. Capability inventory: The skill enables sensitive VoIP operations such as answering calls, hanging up, and sending DTMF tones. 4. Sanitization: No explicit sanitization or validation logic is demonstrated for the incoming remoteMessage data.
- [SAFE]: The documentation neutrally describes the library's internal persistence of credentials in AsyncStorage, which is a standard part of the vendor's session management design.
Audit Metadata