twilio-cli-reference
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents terminal commands for the Twilio CLI to provision phone numbers, send communications, and manage serverless deployments. This is the primary function of the skill.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the
twilio-cliand official plugins (from the@twilio-labsnamespace) via standard package managers like Homebrew, Scoop, and NPM. It also suggestsngrokfor webhook tunneling. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to interpolate user-provided content into CLI command arguments (e.g., message bodies or email text).
- Ingestion points: User-supplied text for SMS and email content in
SKILL.md. - Boundary markers: None mentioned for the command generation.
- Capability inventory: Subprocess execution of Twilio CLI commands.
- Sanitization: Not explicitly defined within the reference documentation.
Audit Metadata