centralstationcrm
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the NPM registry. This is a vendor-owned package used to facilitate the connection between the agent and the CRM platform. - [COMMAND_EXECUTION]: Employs the
membranecommand-line utility to perform integration tasks such as searching for connectors, establishing connections, and executing CRM actions. These commands are restricted to the functionality provided by the Membrane platform. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves data from an external CRM which may contain untrusted content.
- Ingestion points: Untrusted data enters the agent context through actions that list people, companies, deals, projects, and tasks as defined in
SKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat data from CentralStationCRM as untrusted or to ignore embedded instructions.
- Capability inventory: The skill possesses capabilities to create, update, and delete data within the CRM, as well as the ability to make arbitrary HTTP requests via the
membrane requestcommand. - Sanitization: No specific sanitization, validation, or filtering of the content retrieved from the CRM API is mentioned.
Audit Metadata