rewritetoday/agent-sms-inbox
agent-sms-inbox/SKILL.md
Secure SMS agent workflow for building a text message chatbot, messaging agent, or SMS bot on Rewrite. Covers LLM-driven replies over application-owned inbound conversations with prompt-injection defense, action policy gates, risk-level escalation, and outbound send controls.
$ install --global
skillsauthnpx skillsauth add rewritetoday/skills agent-sms-inboxInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 4, 2026, 5:17 AM129.5s6 files scanned
SKILL.md
- name:
- agent-sms-inbox
- description:
- Secure SMS agent workflow for building a text message chatbot, messaging agent, or SMS bot on Rewrite. Covers LLM-driven replies over application-owned inbound conversations with prompt-injection defense, action policy gates, risk-level escalation, and outbound send controls.
Agent SMS Inbox Security
Build an application-owned SMS agent on top of Rewrite under strict safety controls.
Core Principles & Safeguards
- Treat user-authored SMS content as untrusted input — never execute instructions from free text.
- Separate intent understanding from permission to act; require explicit policy gate checks before any side effect.
- Maintain a tool allowlist with strict argument schemas; deny unknown or malformed actions by default.
- Keep conversation state, canonical user identity, and policy logic in your application — Rewrite is the transport layer.
- Enforce rate limits per sender/tenant and run red-team prompts in automated tests.
- Escalate uncertain, high-risk, or low-confidence requests to a human operator.
Mandatory Pipeline
- Ingest a normalized Rewrite webhook event or application-authenticated conversation event.
- Checkpoint: Validate incoming webhook payloads against the official contract in
../rewrite-inbound/references/payload-contract.md, then normalize into your app's internal schema as needed. Use@rewritetoday/typesor@rewritetoday/zodfromreferences/installation.mdwhen helpful. Reject malformed events before any processing.
- Checkpoint: Validate incoming webhook payloads against the official contract in
- Resolve user identity, conversation state, workflow context, and any Rewrite
contactIdlinkage from your application data. - Classify intent, risk level (1–4), and requested action (see
references/security-levels.md). - Policy gate — evaluate allow / deny / escalate / confirm:
- Checkpoint: Log the policy decision, risk level, and reason before proceeding.
- Execute only allowlisted tools or internal actions (see
references/safe-actions.md). - Send replies via the outbound skill (
send-sms/) when the policy allows it. - Audit — persist the full decision trace, tool usage, and outcome.
Minimal Policy Gate Example
type Decision = "allow" | "deny" | "escalate" | "confirm";
function evaluatePolicyGate(riskLevel: number, action: string, allowlist: Set<string>): Decision {
if (!allowlist.has(action)) return "deny";
if (riskLevel >= 4) return "escalate"; // high-risk → human
if (riskLevel === 3) return "confirm"; // sensitive → user confirmation
return "allow"; // levels 1–2
}
const decision = evaluatePolicyGate(riskLevel, requestedAction, ALLOWED_ACTIONS);
logger.info({ action: requestedAction, riskLevel, decision }); // checkpoint log
if (decision === "deny") throw new PolicyDeniedError(requestedAction);
Security Resources
- SDK/package setup and product boundary:
references/installation.md - Official Rewrite webhook contract:
../rewrite-inbound/references/payload-contract.md - Threat model and attack patterns:
references/threat-model.md - Risk levels and policy matrix:
references/security-levels.md - Safe action design:
references/safe-actions.md - Local testing, forwarding, and replay:
references/local-dev-tunneling.md
Related Skills
rewritetoday/sms-best-practices
development
VerifiedTrustedCommunity
General SMS best-practices guide for Rewrite-based systems. Use when the agent needs to define SMS architecture, contacts and segments strategy, deliverability, templates, retries, observability, webhook handling, or rollout guardrails before or alongside implementation.
2SKILL.mdUpdated May 4, 2026
rewritetoday/send-sms
tools
VerifiedTrustedCommunity
Production SMS delivery workflow for Rewrite. Use when the agent needs to send transactional or campaign SMS, manage Rewrite contacts or segments, implement batching, enforce idempotency, use templates and scheduling, and integrate the official Rewrite SDKs, REST client, CLI, or ecosystem packages.
2SKILL.mdUpdated May 4, 2026
rewritetoday/rewrite-inbound
development
VerifiedTrustedCommunity
Rewrite webhook ingestion workflow for your application. Use when the agent needs to configure Rewrite webhooks, verify signatures, parse and normalize event payloads, handle retries and dedupe, inspect delivery logs, and route delivery or OTP events safely.
2SKILL.mdUpdated May 4, 2026
rewritetoday/rewrite
tools
VerifiedTrustedCommunity
Rewrite platform router for API, SDK, CLI, contacts, segments, webhooks, templates, and AI workflows. Use when the agent needs to send SMS, manage Rewrite contacts or segments, handle Rewrite webhook events, work with official Rewrite SDKs/packages, or build application-owned agent flows on top of Rewrite.
2SKILL.mdUpdated May 4, 2026