phone-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill ingests untrusted, user-generated content from incoming phone calls via the Twilio WebSocket (scripts/server.py websocket_endpoint -> deepgram_receiver / process_transcript) and feeds those transcripts into the LLM to drive TTS responses and outbound call logic, which could allow indirect prompt injection.