telnyx-messaging-go

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: Incoming webhook payloads (r.Body) and inbound message text fields (data.payload.text) are processed by the agent in the webhook handling and message receiving flows described in SKILL.md and references/api-details.md.
  • Boundary markers: The skill does not define specific boundary markers or provide instructions to the agent to ignore potential instructions embedded within message content.
  • Capability inventory: The skill possesses network capabilities to send outbound messages through various methods like client.Messages.Send and client.Messages.SendWhatsapp.
  • Sanitization: The provided examples and instructions do not include steps for sanitizing or validating the content of received messages before processing.
  • [EXTERNAL_DOWNLOADS]: Fetches the official Telnyx Go SDK from the vendor's repository (github.com/team-telnyx/telnyx-go) for installation via the go get command.
  • [SAFE]: Credential management is handled securely by retrieving the API key from environment variables (os.Getenv("TELNYX_API_KEY")) rather than using hardcoded values.
  • [SAFE]: The skill provides clear instructions and code for verifying the authenticity of incoming webhooks using Ed25519 signatures, protecting against spoofing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:25 AM