telnyx-ai-inference-javascript
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the "telnyx" npm package, which is the official SDK from the verified vendor.
- [CREDENTIALS_UNSAFE]: API key handling is performed securely using environment variables (process.env["TELNYX_API_KEY"]), avoiding the risk of hardcoded secrets.
- [COMMAND_EXECUTION]: Basic shell commands for package installation and Node.js script execution are present but restricted to standard development workflows.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through its data ingestion features:
- Ingestion points: User-provided chat messages in "createCompletion", external website content crawled via "embeddings.url", and file contents processed in "summarize".
- Boundary markers: No explicit boundary markers or instruction-ignoring warnings are present in the documentation examples.
- Capability inventory: The skill facilitates API calls to the Telnyx backend for generating text, creating embeddings, and summarizing documents; it does not demonstrate local file-system or OS-level execution capabilities.
- Sanitization: Input sanitization or validation is not demonstrated within the provided code snippets.
Audit Metadata