telnyx-webrtc-client-android
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the
telnyx-webrtc-androidlibrary from the JitPack repository. This is a standard vendor-provided resource for the Telnyx platform. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to how it handles external data.
- Ingestion points: Untrusted data enters the application context via
transcriptUpdateFlow(which receives transcripts from an AI agent) andcustomHeaders(used for passing variables to the agent) as described inSKILL.md. - Boundary markers: The provided code examples lack boundary markers or explicit instructions to the agent to ignore potentially malicious content embedded within the transcripts or metadata.
- Capability inventory: The skill requests and uses capabilities including internet access (
INTERNET), audio recording (RECORD_AUDIO), and foreground service management for phone calls. - Sanitization: There is no evidence of input sanitization or validation for the AI-generated transcripts or custom headers before they are processed by the application logic.
Audit Metadata