telnyx-ai-assistants-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the official 'telnyx' npm package, which is a verified vendor resource for accessing Telnyx services.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection through its interaction with the Telnyx AI API.
- Ingestion points: Assistant configurations, including instructions and descriptions, are ingested via the
client.ai.assistants.retrieve()andclient.ai.assistants.list()methods in SKILL.md. - Boundary markers: The skill does not implement boundary markers or instructions for the agent to ignore embedded commands within the retrieved metadata.
- Capability inventory: The skill possesses extensive capabilities to create, update, and delete cloud resources like assistants and MCP servers, as documented in SKILL.md and references/api-details.md.
- Sanitization: There is no evidence of data validation or sanitization of the content retrieved from the API before it enters the agent's context.
Audit Metadata