agentphone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill explicitly ingests untrusted, user-generated content (real-time voice transcripts, SMS messages, recentHistory, and recording URLs) via webhooks as described in the "Call flow (webhook mode)" and "Webhooks" sections of SKILL.md, and the docs show webhook handlers and LLM/tool-calling logic that read that content and drive responses/actions—allowing malicious caller input to influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill sends runtime events to user-configured webhook URLs (e.g., https://your-server.com/webhook) whose JSON/NDJSON responses directly determine what the agent says, so external webhooks are runtime dependencies that can execute code and control prompts.