create-phone-number

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to run npx -y mcp-remote https://docs.vapi.ai/_mcp/server. This downloads a package from the npm registry and executes it at runtime. Vapi is not among the designated trusted external sources.
  • COMMAND_EXECUTION (LOW): The skill provides multiple bash snippets using curl to interact with the Vapi API. While essential for its function, it involves local shell execution handling sensitive API keys.
  • DATA_EXFILTRATION (LOW): The skill transmits credentials (including VAPI_API_KEY and third-party tokens for Twilio/Vonage) to api.vapi.ai. As this domain is not on the trusted whitelist (e.g., github.com), it is technically flagged as a network data exposure risk.
  • PROMPT_INJECTION (LOW): The skill creates a surface for indirect prompt injection by interpolating user-provided values (like assistantId and twilioAuthToken) directly into shell commands.
      • Ingestion points: SKILL.md template placeholders for assistantId, twilioAccountSid, twilioAuthToken, and {id}.
      • Boundary markers: Absent; commands do not use delimiters or sanitization logic to separate instructions from data.
      • Capability inventory: Shell execution of curl and npx with network access to external APIs.
      • Sanitization: None; the skill provides raw templates without input validation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 07:03 PM