voice-call

This manifest describes a voice-call plugin with expected capabilities and required telephony provider credentials. The content itself is not malicious. Primary risks are operational and supply-chain hygiene: sensitive provider credentials stored in plugin config must be protected, implementation must be audited to ensure API calls go directly to official provider endpoints (no third-party proxies), and agent/CLI usage should include safeguards (explicit user consent, rate limits, logging) to prevent abusive or accidental outbound calls. Review the actual implementation code to confirm no hidden network intermediaries, no credential forwarding, and that secret storage and consent policies are appropriate.