close
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to interact with Close CRM data and manage connections. This is the intended primary functionality of the skill and uses the vendor's official command-line interface.
- Evidence: Use of membrane action run, membrane request, and membrane connection commands throughout SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI tool from the public npm registry. This package (@membranehq/cli) is managed by the vendor membranedev.
- Evidence: npm install -g @membranehq/cli in SKILL.md.
- [PROMPT_INJECTION]: The skill processes data from Close CRM, which constitutes an indirect prompt injection surface. This is a common property of CRM integrations where external data is ingested.
- Ingestion points: Data entering through list-leads, list-contacts, and list-activities in SKILL.md.
- Boundary markers: No explicit instructions for delimiters are provided in the skill text.
- Capability inventory: The skill can execute CRM actions and make proxy requests via the membrane CLI.
- Sanitization: No explicit sanitization or filtering of the fetched CRM content is specified in the skill file.
Audit Metadata