twenty

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call external Twenty API endpoints (e.g., GET ${TWENTY_API_URL}/rest/notes, /rest/people, /rest/companies at https://api.twenty.com or a user-provided TWENTY_API_URL) and parse returned notes/people/tasks which are user-generated/untrusted content the agent is expected to read and interpret, enabling indirect prompt injection.