twenty-crm

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash scripts and Python to manage API requests. It correctly uses command-line arguments and JSON serialization to prevent shell injection. Payload data is briefly stored in a temporary file in /tmp.
  • [EXTERNAL_DOWNLOADS]: Network calls are made to the user-provided CRM base URL using curl. There is no evidence of downloading external executable content.
  • [DATA_EXFILTRATION]: Configuration settings, including the API key, are sourced from a local environment file at the hardcoded path /Users/jhumanj/clawd/config/twenty.env.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external CRM data. Ingestion points: API responses in scripts/twenty-rest-get.sh and scripts/twenty-graphql.sh. Boundary markers: Absent. Capability inventory: curl for network access and local file reading. Sanitization: Incoming content from the CRM is not sanitized for LLM instructions before being presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 06:40 AM