Skills
skills/membranedev/application-skills/gong/Gen Agent Trust Hub

gong

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to interact with Gong. This allows the agent to perform actions like searching for connectors, connecting accounts, and running pre-defined actions.
  • [EXTERNAL_DOWNLOADS]: Recommends installing the @membranehq/cli tool via npm. This package is provided by the vendor to facilitate secure API communication.
  • [SAFE]: No hardcoded secrets or sensitive configuration files are accessed. Credential management is handled server-side by the Membrane platform, preventing local credential exposure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface when handling external data.
  • Ingestion points: Retrieves call transcripts, meeting details, and user data from Gong (e.g., via get-call-transcripts and get-calls-extensive in SKILL.md).
  • Boundary markers: Absent; there are no instructions to delimit or ignore instructions found within the retrieved Gong data.
  • Capability inventory: The skill can perform write operations to Gong, such as create-meeting, update-meeting, and create-call (SKILL.md).
  • Sanitization: Absent; external data from Gong is processed without explicit sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 10:01 AM