twilio-communications
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE: The skill follows industry standard practices for Twilio integrations.
- Credentials Management: The code correctly retrieves sensitive information like `TWILIO_ACCOUNT_SID` and `TWILIO_AUTH_TOKEN` from environment variables using `os.environ`, avoiding hardcoded secrets.
- Webhook Security: The IVR pattern includes a `RequestValidator` decorator that verifies the `X-Twilio-Signature` header, protecting the application from spoofed requests.
- Input Validation: The `send_sms` method includes a helper `validate_e164` to ensure phone numbers match the required E.164 format via regular expressions.
- Dependency Safety: All libraries used (`twilio`, `flask`) are reputable and standard for these types of integrations.
- Indirect Prompt Injection (LOW): As a communication skill, it handles untrusted data (phone numbers and message bodies) which are sent to external services. While the skill performs basic validation on phone numbers, it does not sanitize message bodies, which is typical for its purpose.
Audit Metadata