telnyx-webrtc-client-android
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration references the JitPack repository and the 'team-telnyx' GitHub organization to fetch the WebRTC Android SDK. These are well-known and official sources corresponding to the skill's author, posing no security risk.
- [PROMPT_INJECTION]: The skill processes external data, creating a surface for indirect prompt injection.
- Ingestion points: Data enters the agent context via 'telnyxClient.transcriptUpdateFlow' (AI Agent transcripts) and 'remoteMessage.data' (push notifications) in 'SKILL.md'.
- Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the snippets.
- Capability inventory: No dangerous tools or actions (exec/eval, file-write, network-ops) are exposed to this data in the provided code.
- Sanitization: No sanitization of ingested content is described in the integration examples.
- [CREDENTIALS_UNSAFE]: The documentation provides examples for SIP and JWT authentication using placeholders like 'your_sip_username' and 'your_jwt_token', following safe documentation practices.
Audit Metadata