telnyx-texml-curl

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: HIGH
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows supplying arbitrary external URLs (e.g., the "Url" / "voice_url" / "FallbackUrl" / "StatusCallback" fields and the note "Telnyx will request TeXML from the XML Request URL configured for the connection") so the system will fetch and execute TeXML/webhook responses from third-party URLs, allowing untrusted external content to drive call behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime parameters (e.g., "Url" / voice_url) that Telnyx will fetch to obtain TeXML call instructions — for example "https://www.example.com/instructions.xml" — so an external URL is fetched at runtime and directly controls call prompts/instructions.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). I scanned the prompt for literal, high-entropy credentials and applied the provided ignore rules.

Flagged:

  • "SuperviseCallSid": "v3:MdI91X4lWFEs7IgbBEOT9M4AigoY08M0WWZFISt1Yw2axZ_IiE4pqg" — This value is long, random-looking, and token-like (prefix "v3:" plus a base64/URL-safe string). It meets the definition of a high-entropy literal that could provide access, so it should be treated as a real secret and removed/rotated if it is active.

Ignored (not flagged) with reasons:

  • export TELNYX_API_KEY="YOUR_API_KEY_HERE" — documentation placeholder.
  • "SipAuthPassword": "1234" — low-entropy setup/example password.
  • "SipAuthUsername": "user" — obvious example username.
  • GUIDs/UUIDs and resource IDs like 6a09cdc3-8948-47f0-aa62-74ac943d6c58 and 1293384261075731499 — these are identifiers, not secret credentials.
  • Other example values (e.g., "My Secret Value", "string", phone numbers, example URLs) — clearly examples/placeholders or low-entropy.

Conclusion: the named v3:... value appears to be an actual high-entropy secret present in the documentation and should be treated as a leak.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 10:34 AM
  • Issues: 3