twilio-voice
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches Node.js and ngrok installation resources from well-known technology providers (NodeSource and ngrok's official S3/Equinox buckets). These are standard tools for the described development workflow.
- [COMMAND_EXECUTION]: Uses
sudofor system package installation and the creation of a systemd service. These actions are standard for deploying and managing a production-ready webhook service on Linux systems. - [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing caller-supplied input (DTMF digits and speech). The implementation mitigates this through proper validation and SDK usage.
- Ingestion points: Webhook endpoints in server.js and app.py which process Twilio POST requests.
- Boundary markers: Implements Twilio X-Twilio-Signature validation to verify the authenticity of incoming requests.
- Capability inventory: Initiates outbound calls and executes TwiML verbs like Dial, Gather, and Record.
- Sanitization: Uses the Twilio SDK's VoiceResponse builders to generate valid XML, preventing common injection issues in TwiML.
Audit Metadata