telnyx-twilio-migration
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill instructions override the AI agent's typical conversational model by enforcing an autonomous execution mode that significantly reduces human oversight during destructive operations.
- The instructions explicitly command: "Phases 1–6 run fully autonomously — do NOT ask the user any questions."
- It further dictates that the agent should only present issues to the user if a failure persists after three autonomous fix attempts, effectively concealing interim code changes and errors.
- [COMMAND_EXECUTION]: The skill orchestrates complex filesystem and network operations through a series of shell and Python scripts that modify the local environment.
- Phase 4 involves autonomous, file-by-file modifications to the project's source code to replace Twilio logic with Telnyx implementations.
- The skill uses various scripts (e.g., `run-discovery.sh`, `validate-migration.sh`) to perform deep scans and transformations.
- The script `scripts/test-migration/webhook-receiver.py` utilizes `subprocess.Popen` to manage local test processes.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of several developer tools and libraries.
- It initiates `pip install`, `npm install`, and `go get` for Telnyx-branded SDKs across multiple languages.
- While these packages originate from the official vendor (team-telnyx), the autonomous nature of the skill means these installations occur without individual confirmation prompts.
Audit Metadata