active-trail
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the @membranehq/cli package via NPM. This is a vendor-owned resource used for the skill's primary functionality and is considered a safe dependency within the context of the author.
- [COMMAND_EXECUTION]: The skill instructions rely on the execution of the membrane CLI tool to manage authentication, discover actions, and interact with the Active Trail API. These commands are necessary for the skill's operation and use the platform's standard interface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it retrieves content from an external marketing platform that may contain untrusted data.
  - Ingestion points: Data enters the agent context through actions such as list-contacts, get-campaigns, and get-template which fetch user-generated content from Active Trail.
  - Boundary markers: The skill does not define specific delimiters or instructions to the agent to disregard potential commands embedded within the retrieved marketing data.
  - Capability inventory: The agent has the ability to execute destructive actions (e.g., delete-contact) and perform arbitrary HTTP requests using the membrane request command.
  - Sanitization: There is no evidence of sanitization or validation performed on the data retrieved from the Active Trail API before it is processed by the agent.
Audit Metadata