telnyx-texml-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Initiate an outbound call" and TeXML application creation docs state Telnyx will request TeXML from the configured XML Request URL / voice_url (e.g., the Mission Control Portal XML Request URL or voice_url passed when creating an app), which means arbitrary external web-hosted TeXML can be fetched and interpreted to control call behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The SDK examples show Telnyx will request TeXML at runtime from the configured voice_url (example used: https://example.com), and that fetched TeXML directly controls call/voice instructions, so external content can control the agent.