Skills
skills/team-telnyx/ai/telnyx-voice-gather-python/Gen Agent Trust Hub

telnyx-voice-gather-python

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official telnyx Python package from a standard registry. This is consistent with the skill's stated purpose of providing SDK examples for the Telnyx platform.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to the processing of untrusted caller input.
  • Ingestion points: Untrusted data enters the agent context via message_history and result fields in webhooks such as CallAIGatherEnded and CallAIGatherMessageHistoryUpdated (SKILL.md), which contain transcribed speech from callers.
  • Boundary markers: The provided examples do not explicitly demonstrate the use of delimiters or instructions to ignore embedded commands within the voice transcription data.
  • Capability inventory: The skill provides instructions for performing call control actions including add_ai_assistant_messages, start_ai_assistant, gather, and gather_using_ai (SKILL.md).
  • Sanitization: There is no explicit sanitization or validation shown for the content of the message_history or gathered parameters before they are processed by the AI assistant logic.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 06:54 PM
Security Audit — agent-trust-hub — telnyx-voice-gather-python