twilio-webhook-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md's Quickstart and webhook examples explicitly show the agent handling inbound Twilio webhooks (e.g., reading request.form Body and MediaUrl0..N and receiving Event Streams/webhook sink posts), which are untrusted, user-generated content delivered from external callers and can directly influence responses or downstream actions.