saas-telephony
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqto communicate with the vendor's telephony API. This is consistent with its stated purpose of sending SMS and making calls. - [EXTERNAL_DOWNLOADS]: Network requests are directed to the service endpoint defined by
$SAAS_API_URL. All operations target the vendor's infrastructure for the intended telephony functionality. - [PROMPT_INJECTION]: The skill takes user input to populate message bodies and voice prompts. Ingestion points: fields like
bodyandpromptin SKILL.md. Boundary markers: none. Capability inventory: network communication viacurlto$SAAS_API_URL. Sanitization: none. This surface is standard for telephony functionality. - [CREDENTIALS_UNSAFE]: Authentication is handled via the
SAAS_API_KEYenvironment variable. No hardcoded credentials or unauthorized access to sensitive local files were identified.
Audit Metadata