bland-ai

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package via npm. This is a legitimate developer utility provided by the skill author for managing integrations.
  • [COMMAND_EXECUTION]: The instructions guide the agent to use the membrane CLI to perform authentication, search for connectors, and execute actions. These are standard operations for interacting with the Membrane platform.
  • [DATA_EXFILTRATION]: No unauthorized data transfer was detected. The skill emphasizes using Membrane's server-side credential management to avoid handling sensitive API keys locally.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Bland AI, such as call transcripts and record details, which represents a potential injection surface.
      • Ingestion points: Data enters the agent's context through the output of the membrane action run and membrane request commands.
      • Boundary markers: None are explicitly defined in the provided markdown instructions.
      • Capability inventory: The skill uses the CLI for network requests and action execution.
      • Sanitization: The instructions do not specify sanitization for the data retrieved from the API.
  • [SAFE]: The skill correctly directs users to official resources and uses secure-by-default practices for credential management through a trusted proxy service.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:10 AM