telnyx-voice-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md Webhooks and Call Control examples show the skill receives and unwraps HTTP webhook payloads sent to user-configured webhook_event_url/webhook URLs (and parses fields like payload.call_control_id, client_state, custom_headers and sip_headers), which are untrusted third-party caller content that the agent is expected to interpret and can directly drive subsequent Call Control actions.