activecampaign
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via NPM. This is a verified command-line tool provided by the skill's author to facilitate secure communication with the Membrane platform. - [COMMAND_EXECUTION]: All operations are performed through the
membraneCLI. This includes authentication (membrane login), connection management (membrane connect), and running marketing actions, which are necessary for the skill's stated purpose. - [SAFE]: The skill correctly directs users to use Membrane's managed connection system, ensuring that no sensitive ActiveCampaign API keys or tokens are stored locally or handled by the agent in cleartext.
- [SAFE]: A surface for indirect prompt injection is present because the skill processes data from ActiveCampaign (such as contact and deal information). However, this is inherent to CRM integrations, and no malicious instructions or suspicious code execution patterns were detected.
Audit Metadata