twilio-customer-memory
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official Twilio domains (memory.twilio.com) for all network operations and profile management tasks.
- [SAFE]: Authentication is handled according to security best practices, utilizing environment variables (TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN) rather than hardcoded credentials.
- [PROMPT_INJECTION]: The documentation describes a pattern for interpolating retrieved customer history and summaries into LLM prompts. While this is the intended functionality of the service, it represents a surface for indirect prompt injection. Developers using these snippets should ensure that data interpolated from the Memory Store is wrapped in boundary delimiters (such as XML tags or triple quotes) and that the agent is instructed to treat the content as data rather than instructions.
Audit Metadata