highrise
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package, which is the official command-line interface for the vendor's platform. This tool is required to facilitate communication between the agent and the Highrise API.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to execute various operations, including authentication, connection management, and running specific CRM actions or raw API requests. This is the intended functional mechanism of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external CRM records (such as notes, person details, and deals).
  - Ingestion points: Untrusted data enters the agent context through actions like `list-people-v2`, `get-person-v2`, `list-deals-v2`, and direct API requests via `membrane request` (SKILL.md).
  - Boundary markers: The instructions do not provide specific markers or guidance for the agent to distinguish between its primary instructions and potential instructions embedded within the retrieved CRM data.
  - Capability inventory: The agent has the capability to execute shell commands and interact with the filesystem/network via the `membrane` CLI (SKILL.md).
  - Sanitization: There is no mention of sanitizing or filtering the content retrieved from Highrise before it is processed by the agent.
Audit Metadata