telnyx-texml-ruby

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says (under "Initiate an outbound TeXML call" and in the TeXML Application examples) that Telnyx will request TeXML from the XML Request URL / voice_url you configure, meaning arbitrary external URLs can supply TeXML (untrusted third‑party content) that will be fetched and can control call behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill configures a voice_url (example shown as https://example.com) which Telnyx will fetch at call runtime to retrieve TeXML that directly controls call prompts/instructions, so this is a runtime external dependency that controls agent behavior.