Skills
skills/membranedev/application-skills/drimify/Gen Agent Trust Hub

drimify

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package via NPM to manage API interactions. This is a vendor-owned resource used for the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations such as searching for connectors, establishing connections, and running API actions. This is the intended behavior for automating Drimify tasks.
  • [PROMPT_INJECTION]: The skill retrieves external data from Drimify (leads, campaigns, stats) which could contain malicious instructions for the AI agent.
  • Ingestion points: Data enters the context via get-app-data-collection, list-app-data-collections, and the membrane request proxy tool.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to ignore instructions within the retrieved data.
  • Capability inventory: The skill can execute shell commands and modify remote state via membrane action run and membrane request.
  • Sanitization: No validation or escaping of the external data is specified before it is presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 07:56 AM