telnyx-api
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements logic for processing incoming SMS/MMS messages via webhooks (e.g., in SKILL.md, references/webhooks.md, and assets/examples/webhook-handler.ts). These examples ingest untrusted user text (event.payload.text) and interpolate it directly into conversation state machines or response handlers. The absence of boundary markers or sanitization in these patterns creates a surface for indirect prompt injection, where a malicious message sender could attempt to influence the agent's behavior.
- Ingestion points: Webhook payload text (event.payload.text) in SKILL.md, assets/examples/webhook-handler.ts, and references/webhooks.md.
- Boundary markers: Absent in the provided examples.
- Capability inventory: Includes network operations (sendSMS, axios.post, fetch) and conversation state management across multiple scripts.
- Sanitization: Absent in the provided code patterns.