Skills
skills/team-telnyx/telnyx-skills/telnyx-numbers-curl/Gen Agent Trust Hub

telnyx-numbers-curl

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to interact with the Telnyx API for searching, ordering, and managing phone numbers as described in SKILL.md.
  • [DATA_EXFILTRATION]: The skill communicates with api.telnyx.com, which is the official service domain for the Telnyx platform. This connection is used for intended administrative functions.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its processing of data from external API endpoints that can return untrusted user-controlled strings.
  • Ingestion points: SKILL.md references the GET /comments and GET /available_phone_numbers endpoints which ingest external data into the agent context.
  • Boundary markers: The instructions lack explicit boundary markers or directives to disregard potentially malicious instructions within the retrieved content.
  • Capability inventory: The skill utilizes curl to perform network operations based on agent instructions.
  • Sanitization: No sanitization or validation protocols are defined in the skill for processing the strings returned by the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 10:34 AM