activeprospect
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the @membranehq/cli package, which is a verified resource from the vendor used for platform interaction.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for connection management and API requests, which is the intended and documented functionality.
- [PROMPT_INJECTION]: The skill processes external data from the ActiveProspect API, establishing an indirect prompt injection surface. 1. Ingestion points: API responses from actions and proxy requests in SKILL.md. 2. Boundary markers: None identified. 3. Capability inventory: Subprocess execution and network requests via the membrane CLI. 4. Sanitization: No explicit sanitization of external data is defined.
Audit Metadata