telnyx-webrtc-client-flutter
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'telnyx_webrtc' package, which is the official SDK provided by the vendor 'team-telnyx'. Referencing official vendor libraries is a standard and expected part of the implementation process.
- [COMMAND_EXECUTION]: The documentation includes standard Flutter CLI commands such as 'flutter pub get' to manage and install project dependencies.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of real-time transcripts from a remote AI agent through the 'onTranscriptUpdate' listener. This functionality introduces a surface for indirect prompt injection, where content within the transcript could potentially influence subsequent agent actions.
- Ingestion points: Transcript data is received via the 'onTranscriptUpdate' callback in 'SKILL.md'.
- Boundary markers: The provided implementation does not include specific delimiters or instructions to the agent to disregard commands embedded within the transcript text.
- Capability inventory: The skill allows the agent to interact with active calls, including ending calls, muting audio, and sending conversation messages.
- Sanitization: There is no evidence of transcript validation or sanitization before the data is processed or stored in the 'transcript' list.
Audit Metadata