twilio-customer-memory
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill correctly handles authentication by using environment variables (TWILIO_ACCOUNT_SID and TWILIO_AUTH_TOKEN) rather than hardcoding sensitive credentials in the scripts or documentation.
- [SAFE]: All network requests are directed to memory.twilio.com, which is the official API host for Twilio Conversation Memory. There are no connections to untrusted or third-party domains.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to ingest customer observations and summaries into the agent prompt, which represents a potential attack surface.
  - Ingestion points: The Recall API endpoint (described in SKILL.md Step 4) retrieves historical customer data from an external database.
  - Boundary markers: The provided code examples interpolate observations directly into the system prompt without using delimiters or clear boundary instructions.
  - Capability inventory: The skill demonstrates usage of network-capable libraries (Python requests and Node.js fetch) to perform reads and writes to the memory store.
  - Sanitization: The examples do not include sanitization or validation logic for retrieved customer data before prompt interpolation.
Audit Metadata