telnyx-video-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official 'telnyx' Node.js package, which is the legitimate SDK provided by the vendor team-telnyx.
- [SAFE]: API credentials are managed using process.env['TELNYX_API_KEY'], adhering to security best practices for secret handling.
- [SAFE]: A Base64-encoded example JWT is included for the token refresh endpoint; decoding and analysis confirm it is a benign sample token with no embedded malicious instructions.
- [PROMPT_INJECTION]: The skill retrieves and displays metadata (participant context, room names) that can be provided by external users, creating an indirect prompt injection surface. (1) Ingestion points: client.roomParticipants.list() and client.rooms.list() in SKILL.md. (2) Boundary markers: None. (3) Capability inventory: Real-time video communication management. (4) Sanitization: No sanitization is demonstrated in the code examples.
Audit Metadata