twilio
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated third-party content from Twilio (e.g., GET /2010-04-01/Accounts/{AccountSid}/Messages.json in the "Messages" section of SKILL.md), so the agent will ingest SMS/MMS bodies from arbitrary external users as part of its workflow, which could contain instructions that materially influence actions.
Audit Metadata