Trust Assessment
Telecom Agent Skill received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 3 high, 2 medium, and 0 low severity. Key findings include Skill requires full Twilio account access, Skill can access local filesystem for data upload, Skill handles and stores sensitive PII and call transcripts.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 41/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown / Behavioral Risk Signals (chart panels; not reproduced in this text extraction)
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill requires full Twilio account access.** The skill explicitly instructs the user to link their Twilio account, granting the skill full programmatic control over their Twilio resources. A compromised or malicious skill could abuse this access to make unauthorized calls, send messages, or access sensitive call logs, leading to significant financial costs or privacy breaches. Implement granular OAuth scopes for Twilio access if possible, requesting only the minimum necessary permissions. Clearly document the extent of permissions and the associated risks. Ensure the skill's codebase is thoroughly audited for secure handling of credentials and API interactions. | LLM | SKILL.md:40 |
| HIGH | **Skill can access local filesystem for data upload.** The skill demonstrates functionality to upload data from local files (e.g., `leads.csv`) using `telecom campaign create "Outreach" --file leads.csv`. This implies the skill has read access to the local filesystem. A malicious instruction could direct the skill to read and potentially exfiltrate arbitrary sensitive files from the agent's environment. Implement strict file access controls, restrict file paths to a designated safe directory, and sanitize all file path inputs to prevent path traversal vulnerabilities. Avoid allowing the skill to read arbitrary files from the host system. | LLM | SKILL.md:47 |
| HIGH | **Skill handles and stores sensitive PII and call transcripts.** The skill is designed to handle large lists of phone numbers ('10,000+ numbers'), record call audio, and store full call transcripts. This involves processing and storing highly sensitive Personally Identifiable Information (PII) and private conversation data. A compromise of the skill or its 'secure Operator Console' could lead to a significant data breach. Implement robust data encryption at rest and in transit, strict access controls, and comprehensive data retention policies for all PII and sensitive conversation data. Conduct regular security audits of the 'Operator Console' and the skill's data handling mechanisms to ensure compliance with privacy regulations. | LLM | SKILL.md:16 |
| MEDIUM | **Dynamic Text-to-Speech susceptible to prompt injection.** The skill allows for dynamic 'Text-to-Speech' intro messages (e.g., `telecom agent call ... --intro "Hello from the AI team."`). If the content of the `--intro` message can be influenced by untrusted user input, a malicious actor could inject harmful or misleading speech, potentially impersonating the agent or spreading misinformation. Implement strict sanitization and validation for all user-provided text intended for Text-to-Speech conversion. Consider whitelisting allowed phrases or using a separate, sandboxed LLM for generating speech content to mitigate the risk of malicious speech injection. | LLM | SKILL.md:51 |
| MEDIUM | **Telegram bot provides remote admin and approval capabilities.** The skill describes 'Remote Admin' and 'Approvals' via a Telegram Bot. This creates an external control channel for potentially high-risk actions. If the Telegram bot or the associated account is compromised, an attacker could gain unauthorized administrative control over the telecom operations, including approving/denying critical actions. Implement strong authentication and authorization for the Telegram bot, such as multi-factor authentication. Ensure all sensitive commands require explicit confirmation from authorized users. Regularly audit the Telegram bot's security, access logs, and associated accounts for suspicious activity. | LLM | SKILL.md:23 |
Full report: https://skillshield.io/report/ca903efeedb3c463