telnyx-voice-gather-java
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external voice and DTMF data from phone calls, creating a surface for indirect prompt injection.
- Ingestion points: Webhook payloads (e.g., CallAIGatherEnded, callGatherEnded) and parameters like audio_url or AI assistant message history described in SKILL.md.
- Boundary markers: Not present in the provided Java snippets or prompt instructions to prevent the model from obeying instructions embedded in voice or audio content.
- Capability inventory: The skill utilizes the Telnyx Java SDK to control calls, start AI assistants, and send messages based on gathered inputs, as seen in the API action sections of SKILL.md.
- Sanitization: While the skill demonstrates webhook signature verification for authentication, it does not include examples or instructions for sanitizing or validating the actual content gathered from callers before it is processed by the AI or used in subsequent commands.
Audit Metadata