telnyx-voice-streaming-curl
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documentation describes legitimate usage of the Telnyx Voice Streaming API for real-time audio forking, streaming, and transcription.
- [DATA_EXFILTRATION]: All network operations (curl) target the official vendor domain (api.telnyx.com). Sensitive API keys are handled using safe placeholders like 'YOUR_API_KEY_HERE'.
- [PROMPT_INJECTION]: The skill provides functionality for live speech transcription via the 'transcription_start' action. This creates a surface for indirect prompt injection where untrusted audio input is converted to text that could influence agent behavior. However, this is a core intended feature of the API and no malicious instructions are present in the skill itself.
- [OBFUSCATION]: The examples include a Base64-encoded string in the 'client_state' field ('aGF2ZSBhIG5pY2UgZGF5ID1d'). This decodes to 'have a nice day =]', which is a benign placeholder message.
Audit Metadata