Twilio SMS Automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime workflow includes handling incoming SMS webhook content (e.g., app.post('/sms/incoming'...) reads req.body fields like Body and uses it to branch logic), and that Body is free-form text authored by an outsider (the SMS sender) that becomes LLM-readable context if the agent incorporates it.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The voice_config includes a twiml_url ("https://api.example.com/voice/script") that Twilio will fetch at call time to retrieve TwiML which directly controls spoken prompts and call flow, so an external URL is used at runtime to control instructions.