twilio-api
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md shows webhook handlers that ingest incoming POSTs from Twilio/Telnyx (e.g., app.post on '/webhooks/twilio' and '/api/sms/webhook', reading req.body and Body) and that explicitly call processIncomingSMS (including an "AI processing" path in Production Pattern #3). This means untrusted, user-generated SMS/webhook content from third parties is parsed and can drive processing and responses.