pp-twilio
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
twilio-pp-cliandtwilio-pp-mcptools from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and NPM package (@mvanhorn/printing-press). These are vendor-owned resources used for the skill's primary purpose. - [COMMAND_EXECUTION]: The skill's operation relies on executing shell commands via
twilio-pp-clito perform Twilio API operations and manage a local SQLite database for offline analytics. - [DATA_EXFILTRATION]: The CLI tool includes a
--deliver webhook:<url>feature that allows routing command results, which may contain sensitive account data, call logs, or message bodies, to arbitrary external HTTP endpoints. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the Twilio API.
- Ingestion points: Data enters the agent context through commands like
messages list,calls fetch, andrecordings, which retrieve content from external sources. - Boundary markers: Absent. The instructions do not specify delimiters or warnings to treat Twilio data as untrusted.
- Capability inventory: The skill uses the
Bashtool to execute CLI commands and can write data to the filesystem using redirection (e.g.,> march-billing.csv). - Sanitization: No sanitization or filtering is performed on the message bodies or transcriptions before they are presented to the agent.
Audit Metadata