twist-toolkit
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The core logic file contains hardcoded sensitive authentication credentials.
  - Evidence: `scripts/twist_api.js` defines `DEFAULT_CLIENT_SECRET` with a plaintext value. Exposure of these credentials could allow unauthorized parties to impersonate the integration or intercept user data.
- [COMMAND_EXECUTION]: The skill executes shell commands to facilitate the OAuth login flow on the user's machine.
  - Evidence: In `scripts/twist_api.js`, the `exec` function is used to call `open`, `start`, or `xdg-open` with a dynamically constructed URL to initiate the browser-based authentication process.
- [PROMPT_INJECTION]: The skill processes external data from Twist, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Data is retrieved from the Twist API via commands like `threads`, `comments`, `messages`, and `search` in `scripts/twist_api.js`.
  - Boundary markers: No explicit boundary markers or structural delimiters (such as XML tags or guardrail instructions) are used to wrap external content before presentation to the agent.
  - Capability inventory: The skill has extensive write capabilities, including posting messages (`reply`), creating channels (`add_channel`), modifying users (`add_workspace_user`), and uploading files (`upload_attachment`).
  - Sanitization: The skill includes a `sanitizeForAI` function in `scripts/twist_api.js` that redacts specific injection-related keywords (e.g., 'ignore all previous instructions'), which provides some protection but relies on a limited blacklist.
Recommendations
- AI detected serious security threats
Audit Metadata