telnyx-voice-gather-ruby

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses the official telnyx Ruby gem. The installation process via gem install telnyx is the standard and expected method for this library.
  • [SAFE]: Sensitive credentials are handled securely. The implementation uses environment variables (ENV["TELNYX_API_KEY"]) for authentication, which is a recommended security practice to avoid hardcoding secrets.
  • [SAFE]: The documentation explicitly promotes security best practices by including a section on Webhook Verification. It provides code examples using client.webhooks.unwrap to verify Ed25519 signatures, protecting the application from spoofed requests.
  • [PROMPT_INJECTION]: The skill handles untrusted data as its primary function (gathering speech and DTMF input from callers). While this presents an indirect prompt injection surface, it is consistent with the skill's purpose as a telephony integration tool.
      • Ingestion points: Untrusted data enters the flow through webhook payloads such as data.payload.digits and AI gather results in SKILL.md.
      • Boundary markers: Not present in the simplified SDK examples.
      • Capability inventory: The skill allows managing call flows and sending messages via the Telnyx API.
      • Sanitization: The examples do not show explicit sanitization, though they focus on the transport and authentication layer of the API.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:17 AM