The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or security vulnerabilities were detected in the skill instructions or scripts. The skill correctly identifies and warns about the security risks associated with unauthenticated webhooks.
[INDIRECT_PROMPT_INJECTION]: The skill processes webhook payloads containing data from external mail servers, which represents a potential attack surface. However, it explicitly includes security warnings and mitigation advice for this risk.
Ingestion points: Webhook payload parsing in the Python (Flask) and Node.js (Express) examples within SKILL.md.
Boundary markers: The documentation includes a specific note advising developers to isolate untrusted data fields, such as the reason field, before passing them to an LLM's system prompt.
Capability inventory: The example scripts are focused on processing and logging event data; no dangerous capabilities like subprocess execution or remote code loading are present in the code samples.
Sanitization: The skill provides guidance on using ECDSA signature verification (X-Twilio-Email-Event-Webhook-Signature) to authenticate incoming requests and ensure data integrity.

twilio-sendgrid-webhooks