crisp
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the `@membranehq/cli` package globally from npm, which is a verified resource provided by the vendor to facilitate the integration.
- [COMMAND_EXECUTION]: Utilizes the `membrane` command-line interface to perform all operations, including login, connection management, and action execution. This centralizes security controls within the vendor's toolset.
- [DATA_EXFILTRATION]: While the skill accesses customer interaction data (messages, profiles) from Crisp, it does so through authenticated Membrane connections, and the instructions explicitly advise against requesting or storing user credentials manually.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Crisp (such as chat messages and user profiles) which could contain adversarial instructions.
- Ingestion points: Crisp messages and profiles are retrieved via `list-messages`, `get-conversation`, and `list-people-profiles` commands.
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are provided in the skill text.
- Capability inventory: The skill can write data back to the external service (e.g., `send-message`, `update-people-profile`) and perform arbitrary API requests via the `membrane request` proxy.
- Sanitization: There is no mention of sanitization or escaping of the retrieved external content before it is processed by the agent.
Audit Metadata