fireberry
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally via npm. This is a vendor-owned resource from the skill author (membranedev) and is a standard requirement for using the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform tasks such as authentication, searching for elements, and executing actions. These commands are essential for the integration's intended functionality.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it fetches data from the Fireberry CRM (e.g., tasks, notes, and contacts) which can contain untrusted content.
- Ingestion points: Data is ingested through membrane action run and membrane request commands.
- Boundary markers: The skill does not provide explicit markers or instructions to the agent to ignore instructions embedded within the retrieved data.
- Capability inventory: The agent has the capability to execute system commands via the membrane CLI.
- Sanitization: There is no evidence of sanitization or filtering of the external CRM data before it is processed by the agent.
Audit Metadata