twilio-enterprise-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly allows adding "Web" sources that crawl arbitrary URLs in "Step 2 — Add a Knowledge Source" and then shows those retrieved chunks being injected into the agent's system prompt in "Step 4 — Search and Inject into LLM", so untrusted public web content can be fetched and directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the Twilio Knowledge Search API (https://knowledge.twilio.com/v1/KnowledgeBases/{kb_id}/Search) at runtime and injects the returned "chunks" directly into the system prompt, so fetched external content can directly control agent instructions.