telnyx-messaging-go
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Incoming webhook payloads (
r.Body) and inbound message text fields (data.payload.text) are processed by the agent in the webhook handling and message receiving flows described inSKILL.mdandreferences/api-details.md. - Boundary markers: The skill does not define specific boundary markers or provide instructions to the agent to ignore potential instructions embedded within message content.
- Capability inventory: The skill possesses network capabilities to send outbound messages through various methods like
client.Messages.Sendandclient.Messages.SendWhatsapp. - Sanitization: The provided examples and instructions do not include steps for sanitizing or validating the content of received messages before processing.
- [EXTERNAL_DOWNLOADS]: Fetches the official Telnyx Go SDK from the vendor's repository (
github.com/team-telnyx/telnyx-go) for installation via thego getcommand. - [SAFE]: Credential management is handled securely by retrieving the API key from environment variables (
os.Getenv("TELNYX_API_KEY")) rather than using hardcoded values. - [SAFE]: The skill provides clear instructions and code for verifying the authenticity of incoming webhooks using Ed25519 signatures, protecting against spoofing.
Audit Metadata