agentphone

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill makes network requests to the vendor-owned API domain api.agentphone.to. These operations are essential for the skill's telephony functionality and are performed using a user-provided token with explicit safety warnings against leaking credentials to other domains.
  • [COMMAND_EXECUTION]: The documentation provides curl shell command examples to illustrate API interactions. These examples are standard for developer documentation and do not involve autonomous execution or dangerous command piping.
  • [PROMPT_INJECTION]: The skill interacts with external telephony data (transcripts and SMS), which represents an attack surface for indirect prompt injection.
      • Ingestion points: Untrusted content enters the agent's context through transcripts retrieved from https://api.agentphone.to/v1/calls/{id}/transcript and SMS history retrieved from /v1/messages and /v1/conversations (SKILL.md).
      • Boundary markers: The provided documentation does not define specific delimiters or guardrails for the processed transcript data.
      • Capability inventory: The skill allows the agent to perform actions such as placing calls and sending messages based on processed data (SKILL.md).
      • Sanitization: While the skill provides example code for server-side processing, it does not include built-in sanitization or filtering logic for the content of the transcripts or messages.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 04:43 PM