conversionomics
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (
@membranehq/cli) from the NPM registry. This package is a vendor-owned resource from membranedev, required to interact with the platform. - [COMMAND_EXECUTION]: Shell commands such as
membrane login,membrane connect, andmembrane action runare used to manage the integration. These are standard operations for the tool's intended purpose. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves data from the Conversionomics API.
- Ingestion points: Results from
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: Not present.
- Capability inventory: Data retrieval and workflow automation via the Membrane CLI.
- Sanitization: No explicit sanitization of external API data is mentioned. This represents a standard risk for integration skills and is handled by the platform's structured action schema.
Audit Metadata