twenty-crm
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate instructions for deploying an open-source CRM using Docker. It fetches a configuration file from the official Twenty repository on GitHub (twentyhq/twenty), which is a well-known and reputable source.
- [SAFE]: The code examples for GraphQL and REST API interactions use environment variables (process.env.TWENTY_API_KEY) to manage authentication, which follows security best practices. No hardcoded credentials or secrets were found.
- [SAFE]: All network operations (fetch calls) are directed to a local instance (http://localhost:3000) or the official Twenty API endpoints. No unauthorized data exfiltration patterns were observed.
- [SAFE]: The instructions do not contain prompt injection attempts, obfuscated code, or unauthorized privilege escalation commands.
Audit Metadata