twilio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes untrusted, user-generated third-party content via Twilio webhooks and SendGrid inbound-parse (e.g., /twilio/sms/inbound, status callbacks, inbound parse examples and code) and the agent is expected to read/interpret those bodies (STOP handling, webhook processing, TwiML/verification flows) which can directly influence decisions and actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit sudo install commands and instructions to create/modify system files (e.g., /etc/nginx conf, /etc/systemd/system service, /etc/twilio/twilio.env) which require elevated privileges and change the host system state, so it should be flagged.