telnyx-texml-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly states that Telnyx will request TeXML from the "XML Request URL" / the "voice_url" configured for a TeXML application (e.g., "Telnyx will request TeXML from the XML Request URL configured for the connection" and the voice_url parameter), which means the system fetches and executes externally-hosted TeXML/markup (untrusted third‑party content) that can change call behavior.