telnyx-ai-inference-ruby
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the
telnyxRuby gem from the official RubyGems registry. This is the legitimate SDK provided by the vendor for interacting with their APIs. - [COMMAND_EXECUTION]: Installation requires running
gem install telnyx, which is the standard command for adding dependencies in a Ruby environment. - [DATA_EXFILTRATION]: The skill facilitates the transmission of data—including text, audio, and URL content—to Telnyx's infrastructure (
api.telnyx.com). This is the intended and documented function of the skill for processing AI requests. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its data ingestion capabilities.
- Ingestion points: Untrusted content enters the agent's context through functions such as
client.ai.embeddings.url(which crawls external websites) andclient.ai.chat.create_completion(which processes message content). - Boundary markers: The code examples provided do not illustrate the use of protective delimiters or specific instructions to the model to ignore embedded commands within the processed data.
- Capability inventory: The SDK allows the agent to communicate with various AI models and manage data within Telnyx storage buckets.
- Sanitization: There is no evidence of input validation or sanitization within the provided implementation examples.
Audit Metadata