google-campaign-manager
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package globally using npm. This is the official command-line interface provided by the vendor (Membrane) to interact with their services.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various `membrane` CLI commands. These include `membrane login` for authentication, `membrane search` and `membrane connect` for managing service connections, and `membrane action run` or `membrane request` for data retrieval and manipulation. These operations are within the scope of the skill's primary function of managing digital marketing campaigns.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from external Google Campaign Manager 360 API responses.
  - Ingestion points: Output from `membrane action list`, `membrane action run`, and `membrane request` (SKILL.md).
  - Boundary markers: Absent. The skill does not define specific delimiters to separate API data from instructions.
  - Capability inventory: The skill utilizes shell commands (`membrane` CLI) that can read from and write to external APIs and the local environment (SKILL.md).
  - Sanitization: No explicit sanitization or validation of the external API content is defined in the instructions.
Audit Metadata