telnyx-account-reports-ruby
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Uses environment variables (ENV["TELNYX_API_KEY"]) for API authentication, which is a secure way to handle secrets and avoid hardcoding.
- [SAFE]: References the official telnyx Ruby gem for interacting with the API, ensuring dependencies come from a trusted vendor source.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it fetches data from the Telnyx API (e.g., messaging and voice reports) that may contain content controlled by external parties.
- Ingestion points: API data fetched through methods such as client.reports.list_mdrs and client.reports.list_wdrs in SKILL.md.
- Boundary markers: No clear markers or instructions to ignore embedded commands in the retrieved data are provided.
- Capability inventory: The skill includes methods to create and delete reports (e.g., client.reports.mdr_usage_reports.delete), providing a functional target for injected instructions.
- Sanitization: There is no evidence of data sanitization or escaping of the values returned from the API before they are used by the agent.
Audit Metadata