1crm
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package via npm. This is a vendor-provided tool from the Membrane ecosystem used to facilitate the integration.
- [COMMAND_EXECUTION]: The skill documentation includes multiple CLI commands for the `membrane` utility, including login, action discovery, and action execution, which are necessary for the skill's primary function.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes data from 1CRM.
  - Ingestion points: Data records from 1CRM (such as Notes, Emails, Tasks, and Leads) are retrieved into the agent context via `membrane action run` or `membrane request`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided in the skill template for handling the retrieved data.
  - Capability inventory: The skill allows the agent to execute actions and make arbitrary API requests through the Membrane proxy, which could be exploited if malicious instructions are present in the ingested data.
  - Sanitization: There is no evidence of local sanitization or filtering of the content retrieved from the CRM platform within the skill definition.
Audit Metadata