Skills
skills/membranedev/application-skills/clickfunnels-classic/Gen Agent Trust Hub

clickfunnels-classic

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry and utilizes npx to run the latest version of the tool. These are standard procedures for utilizing the vendor's provided tooling.
  • [COMMAND_EXECUTION]: Interaction with ClickFunnels is performed through the membrane command-line interface, which includes operations for authentication, connection management, and executing API actions. These commands are necessary for the skill's stated purpose.
  • [PROMPT_INJECTION]: As the skill is designed to ingest and process data from external ClickFunnels endpoints, it presents a surface for indirect prompt injection where untrusted data could theoretically contain instructions.
  • Ingestion points: Data retrieved from ClickFunnels via membrane action run and membrane request commands (SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation.
  • Capability inventory: The agent can execute various CLI commands to read and modify data on the linked ClickFunnels account (SKILL.md).
  • Sanitization: Standard sanitization for CLI arguments is expected to be handled by the Membrane CLI tool itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 08:12 PM