twilio-identity-verification-advisor
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill operates strictly as a discovery-tier advisor for planning identity verification workflows. It qualifies user needs and provides architectural patterns rather than performing actions or accessing system resources.\n- [NO_CODE]: There are no scripts, binaries, or external code dependencies included in the skill. The logic is entirely instructional.\n- [SAFE]: All referenced domains (twilio.com) and internal skill identifiers (e.g., twilio-verify-send-otp) are legitimate vendor resources owned by Twilio.\n- [SAFE]: The instructions emphasize security best practices, such as protecting Service SIDs and enabling Fraud Guard for SMS pumping protection.\n- [PROMPT_INJECTION]: The skill identifies user intent from descriptions of verification requirements, creating a surface for indirect prompt injection. However, as a planning skill with no executable tools, the risk is negligible.\n
- Ingestion points: User-supplied descriptions of verification scenarios (SKILL.md).\n
- Boundary markers: Absent.\n
- Capability inventory: No tools or scripts are provided; the skill's capabilities are limited to providing architectural advice.\n
- Sanitization: Absent.
Audit Metadata