telnyx-account-access-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
telnyxpackage from the npm registry to facilitate communication with the Telnyx API. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external API responses without adequate protective boundaries or sanitization.
- Ingestion points: Untrusted data enters the agent context via API responses from Telnyx endpoints, such as address lists (
/addresses) and integration secrets (/integration_secrets). - Boundary markers: Absent; the skill does not define delimiters or provide instructions to the agent to ignore potential commands embedded within the retrieved data fields.
- Capability inventory: The skill provides capabilities to manage high-privilege account settings, including creating integration secrets, configuring SSO authentication providers, and updating network access IP lists.
- Sanitization: Absent; data fetched from the API is used directly in the context without being sanitized or validated for the presence of malicious natural language instructions.
Audit Metadata