The Agent Skills Directory

[SAFE]: The skill installs and utilizes the official telnyx Node.js package, which is a legitimate library provided by the vendor for interacting with their APIs.
[SAFE]: Code examples correctly demonstrate retrieving sensitive credentials from environment variables (process.env['TELNYX_API_KEY']) rather than hardcoding them, adhering to standard security practices.
[SAFE]: The documentation emphasizes the importance of verifying webhook signatures using Ed25519 and provides a functional code example for implementation, protecting the application against spoofing attacks.
[SAFE]: The skill documents tools for gathering user input via speech and DTMF, which inherently creates a surface for indirect prompt injection. However, as this is the intended primary purpose of the SDK, it does not constitute a malicious pattern.
Ingestion points: Voice and DTMF inputs collected through methods like gatherUsingAI and startAIAssistant, and data received in CallAIGatherEnded webhooks.
Boundary markers: No specific delimiters or instructions to ignore embedded commands are demonstrated in the snippets.
Capability inventory: Access to Telnyx telephony and messaging services via the provided SDK client.
Sanitization: The provided examples do not explicitly demonstrate sanitization of user-provided speech data, relying on the platform's underlying processing.

telnyx-voice-gather-javascript