telnyx-ai-inference-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official
telnyxnpm package to interact with the Telnyx API infrastructure. - [SAFE]: Authentication is handled correctly through environment variables (
process.env['TELNYX_API_KEY']), preventing the hardcoding of sensitive credentials. - [PROMPT_INJECTION]: The skill handles untrusted external data which creates a potential surface for indirect prompt injection:
- Ingestion points: Untrusted data enters via audio transcriptions (
client.ai.audio.transcribe), chat messages (client.ai.chat.createCompletion), document storage buckets (client.ai.embeddings.create), and web crawling (client.ai.embeddings.url). - Boundary markers: The provided code examples do not demonstrate the use of delimiters or specific instructions to ignore embedded commands.
- Capability inventory: The skill is restricted to SDK-based API calls and does not possess capabilities for direct file system access, shell command execution, or arbitrary network requests.
- Sanitization: No explicit sanitization or filtering of processed data is shown in the usage examples.
- [EXTERNAL_DOWNLOADS]: The
client.ai.embeddings.urlmethod allows the processing of remote web content. This is a core feature of the service for building search indexes and does not involve the execution of remote code on the local environment.
Audit Metadata