enrow
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/cliglobal npm package. This is the official command-line interface for the Membrane platform, used to manage connections and execute actions securely. - [COMMAND_EXECUTION]: Uses the
membraneCLI to authenticate and run actions against the Enrow API. These commands are part of the standard integration workflow for the vendor's platform. - [DATA_EXFILTRATION]: Retrieves data through the Membrane proxy which manages authentication and prevents the exposure of API keys or credentials within the agent's environment.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Enrow API (e.g., lead enrichment search results) into the agent context via the
membraneCLI. No explicit boundary markers or sanitization logic is provided in the instructions for this ingested data, which presents a surface for potential indirect prompt injection.
Audit Metadata