adroll
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install '@membranehq/cli' from the NPM registry. This is a vendor-owned package (associated with membranedev) required for the skill's operation and is considered a safe, standard dependency.
- [SAFE]: No sensitive credentials, such as API keys, tokens, or private secrets, are hardcoded in the skill. It utilizes a secure OAuth-based 'login' flow provided by the Membrane platform.
- [SAFE]: The skill identifies a data ingestion surface where the agent processes external data from AdRoll API endpoints (e.g., reports and lists). While this represents a theoretical surface for indirect prompt injection, it follows standard integration patterns without exposing dangerous capabilities or lack of sanitization (Ingestion points: AdRoll API data; Boundary markers: None; Capability inventory: Membrane CLI subprocess calls; Sanitization: Implicitly handled by CLI command parameters).
Audit Metadata