setup-webhook
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Executes an installation script from the vendor's official domain (vapi.ai) via a piped shell command. It also includes instructions for running a remote MCP server via npx using the vendor's official documentation endpoint.
- [EXTERNAL_DOWNLOADS]: Fetches configuration files and setup scripts from official vendor domains including vapi.ai and docs.vapi.ai.
- [COMMAND_EXECUTION]: Utilizes curl to interact with the vendor's API endpoints (api.vapi.ai) for patching assistant settings and phone number configurations.
- [PROMPT_INJECTION]: The skill sets up infrastructure to ingest and process real-time transcripts and tool calls from external phone interactions, which introduces a surface for indirect prompt injection.
  - Ingestion points: The webhook server receives transcript, tool-calls, and assistant-request messages containing external user data.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided implementation examples.
  - Capability inventory: The skill allows the agent to execute shell commands (curl) and modify remote service configurations.
  - Sanitization: The example code demonstrates processing incoming JSON payloads without explicit sanitization or validation of the text content within transcripts.
Recommendations
- HIGH: Downloads and executes remote code from: https://vapi.ai/install.sh - DO NOT USE without thorough review