retellai-webhooks-events

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of call transcripts provided by the Retell AI webhook payload.
      • Ingestion points: Transcripts are ingested in SKILL.md (Step 2) and references/webhook-handlers.md within the handleCallEnded function.
      • Boundary markers: The provided code examples do not include boundary markers or instructions to the LLM to ignore potentially malicious content within transcripts.
      • Capability inventory: The skill's implementation templates involve file/database writes (db.calls.create), network operations via CRM/Alerting integrations, and task creation.
      • Sanitization: There is no evidence of sanitization or validation of the transcript content before it is passed to downstream processing (e.g., in the extractActionItems function).
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:35 PM