telnyx-account-java
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include the installation of the official Telnyx Java SDK ('com.telnyx.sdk:telnyx-java:6.26.0') via Maven or Gradle. This is a standard dependency provided by the vendor for their API integration.
- [CREDENTIALS_SAFE]: The 'Setup' section correctly recommends initializing the API client from environment variables using 'TelnyxOkHttpClient.fromEnv()', which avoids hardcoding sensitive API keys in the source code.
- [DATA_EXPOSURE]: The skill is designed to retrieve sensitive account data, including account balances, monthly charges, and invoice details. This access is appropriate given the skill's primary purpose of account management.
- [PROMPT_INJECTION]: The skill retrieves data from external API endpoints such as audit logs and webhook deliveries. This introduces a surface for indirect prompt injection if the retrieved data contains malicious instructions that the agent then processes.
- Ingestion points: 'SKILL.md' (e.g., 'client.auditEvents().list()', 'client.webhookDeliveries().list()')
- Boundary markers: Absent in the code examples.
- Capability inventory: No dangerous capabilities like shell execution or file system writing are present in the provided examples.
- Sanitization: Not explicitly implemented in the provided Java snippets.
Audit Metadata