pp-twilio

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE

EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the twilio-pp-cli and twilio-pp-mcp tools from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and NPM package (@mvanhorn/printing-press). These are vendor-owned resources used for the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill's operation relies on executing shell commands via twilio-pp-cli to perform Twilio API operations and manage a local SQLite database for offline analytics.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature that allows routing command results, which may contain sensitive account data, call logs, or message bodies, to arbitrary external HTTP endpoints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the Twilio API.
      • Ingestion points: Data enters the agent context through commands like messages list, calls fetch, and recordings, which retrieve content from external sources.
      • Boundary markers: Absent. The instructions do not specify delimiters or warnings to treat Twilio data as untrusted.
      • Capability inventory: The skill uses the Bash tool to execute CLI commands and can write data to the filesystem using redirection (e.g., > march-billing.csv).
      • Sanitization: No sanitization or filtering is performed on the message bodies or transcriptions before they are presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 06:00 PM