twilio-voice-conversation-relay

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation addresses the ingestion of untrusted ASR-transcribed caller speech (voicePrompt) into an LLM context, representing an indirect prompt injection surface.
      1. Ingestion points: Untrusted transcripts are received via the 'prompt' WebSocket event in SKILL.md.
      2. Boundary markers: The documentation explicitly instructs developers to isolate user input within structured system prompts and implement topic boundaries.
      3. Capability inventory: The skill enables text-to-speech responses through WebSocket messages as shown in the code examples in SKILL.md.
      4. Sanitization: The skill recommends implementing output filtering for generated content.
  • [SAFE]: The skill correctly instructs users to manage sensitive credentials like TWILIO_AUTH_TOKEN via environment variables and uses official vendor-provided libraries for Node.js and Python.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 04:07 PM