telnyx-voice-advanced-python
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the "telnyx" Python package. This is the official SDK for the service provided by the author and is considered a safe vendor resource.
- [PROMPT_INJECTION]:
- Ingestion points: Untrusted data enters the system through webhook payloads, as seen in the "handle_webhook" example in "SKILL.md".
- Boundary markers: Explicit boundary markers or warnings for the agent to ignore instructions within the webhook data are absent.
- Capability inventory: The skill can perform call control actions such as sending DTMF tones, starting/stopping SIPREC sessions, and updating call state via the "client.calls.actions" methods.
- Sanitization: While the skill correctly demonstrates cryptographic signature verification using "client.webhooks.unwrap()" to ensure authenticity, it lacks explicit sanitization of specific payload fields (like "client_state") before they might be used in further processing or prompts.
Audit Metadata