gohighlevel
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends downloading the official @membranehq/cli tool and references GoHighLevel documentation and the author's public GitHub repository. These sources are considered trusted or well-known vendor resources.
- [COMMAND_EXECUTION]: Provides instructions for installing the Membrane CLI and executing actions or API requests through the membrane command-line interface. This tool is provided by the skill author for managing integrations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its integration with external data from the GoHighLevel platform.
  - Ingestion points: The skill retrieves potentially untrusted data from GoHighLevel contacts, campaigns, and conversations (SKILL.md).
  - Boundary markers: No explicit markers or instructions are provided to isolate retrieved data from agent instructions.
  - Capability inventory: The agent has the capability to run actions and send arbitrary HTTP requests to the GoHighLevel API via the membrane request command (SKILL.md).
  - Sanitization: There is no evidence of input validation or sanitization routines for the data ingested from the remote service.
Audit Metadata