telnyx-twilio-migration
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of multiple bash scripts (e.g.,
run-discovery.sh,validate-migration.sh,lint-telnyx-correctness.sh) to perform its core functions. - [COMMAND_EXECUTION]: Static analysis detected the use of
subprocess.Popen()inscripts/test-migration/webhook-receiver.py, which is used to execute shell commands during the validation phase. - [PROMPT_INJECTION]: The
SKILL.mdfile contains strict behavioral instructions that override the agent's standard interaction model, requiring it to run phases 1-6 'fully autonomously' and explicitly commanding it not to ask the user any questions. - [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external SDKs and packages from official registries (PyPI, NPM, RubyGems) and GitHub repositories (e.g.,
github.com/team-telnyx/telnyx-go), which is expected behavior for a migration tool.
Audit Metadata