telnyx-webrtc-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official
telnyxnpm package, which is the legitimate and expected SDK for the vendor's platform. - [SAFE]: Setup instructions correctly recommend the use of environment variables (
process.env['TELNYX_API_KEY']) for credential management rather than hardcoding sensitive keys. - [SAFE]: Example code for creating push credentials uses generic PEM placeholders for certificates and private keys, which do not contain real or sensitive data.
- [SAFE]: The skill reads data from external API endpoints (e.g., listing telephony and push credentials), which represents a potential surface for indirect prompt injection. However, this is expected behavior for a management skill.
- Ingestion points: API responses from
client.mobilePushCredentials.list()andclient.telephonyCredentials.list()in SKILL.md. - Boundary markers: None provided in the documentation snippets.
- Capability inventory: Management operations via the Telnyx SDK (create, retrieve, update, delete).
- Sanitization: Standard SDK behavior is assumed; no custom sanitization logic is implemented in the documentation examples.
Audit Metadata