twilio-conversations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests inbound Twilio webhook payloads (see the /twilio/conversations/webhook Express handler in SKILL.md and the "handle_inbound_sms" STOP-handling example) and parses user message bodies to drive actions like participant removal, suppression, Studio triggers, and escalations, so untrusted third-party user content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The setup instructions include an explicit remote script execution via curl | bash (https://deb.nodesource.com/setup_20.x) which is fetched during installation and would execute remote code that the skill relies on for its Node.js runtime, so it constitutes a high-confidence runtime external dependency that can execute code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt includes explicit sudo install commands and instructions to create/modify system-level files (systemd unit, /etc configs, nginx), which instructs changes requiring elevated privileges and can alter the machine state.