cflow
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of the `membrane` CLI tool to perform actions such as logging in, connecting to services, and running workflow actions.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from npm, which is the official command-line interface provided by the vendor.
- [PROMPT_INJECTION]: The skill processes external data retrieved from Cflow (such as records, notes, and form fields), which could potentially contain malicious instructions intended to influence the agent's behavior (Indirect Prompt Injection).
  - Ingestion points: Data enters the agent context via `membrane action run` and `membrane request` commands that fetch records and notes from Cflow.
  - Boundary markers: The provided instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the retrieved data.
  - Capability inventory: The skill has the capability to execute shell commands (`membrane` CLI) and perform network requests (via the CLI proxy).
  - Sanitization: There is no explicit mention of sanitizing or validating the content retrieved from the Cflow API before it is processed by the agent.
Audit Metadata