twilio
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices for handling sensitive credentials by utilizing environment variables (TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN) rather than hardcoding them.
- [SAFE]: All external dependencies are official packages from a well-known service provider (Twilio).
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection by processing untrusted data from incoming SMS and WhatsApp messages to drive automated response logic.
  - Ingestion points: Webhook handler in app/api/webhooks/twilio/route.ts via formData.get('Body').
  - Boundary markers: None.
  - Capability inventory: Automated message responses using TwiML MessagingResponse.
  - Sanitization: Employs basic string matching (toLowerCase().includes()) to identify command keywords.