espocrm
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `@membranehq/cli` package from the NPM registry. This is an official tool provided by the vendor (Membrane) to facilitate platform interactions.
- [COMMAND_EXECUTION]: The skill relies on executing `membrane` CLI commands to perform operations such as authentication, connection management, and API requests. These commands are executed in the local environment to interface with the Membrane service.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it retrieves data from an external CRM (EspoCRM). Content within leads, tasks, or opportunities could potentially contain malicious instructions intended to influence the agent's behavior.
  - Ingestion points: Data retrieved via `membrane action run` commands (e.g., `list-leads`, `get-task`) as described in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided in the skill documentation.
  - Capability inventory: The agent has the ability to execute shell commands (`membrane`) and perform network requests as detailed in `SKILL.md`.
  - Sanitization: No sanitization or validation of the retrieved CRM data is described.
- [SAFE]: The skill follows security best practices by using a CLI-based authentication flow, ensuring that API keys and sensitive credentials are not stored or handled directly within the skill's code or prompts.
Audit Metadata