icontact
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is a legitimate tool provided by the vendor for interacting with their services. - [COMMAND_EXECUTION]: The instructions include several shell commands for the
membraneCLI to perform actions such as logging in, searching for connectors, and running integration actions. These are standard operations for the skill's intended purpose. - [DATA_EXFILTRATION]: While the skill involves moving data between the agent and IContact, all network operations are performed through the vendor's proxy (
membrane request), which manages authentication and data handling securely. - [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, instructing the use of the platform's connection management instead, which is a positive security practice.
- [PROMPT_INJECTION]: No malicious prompt injection patterns or attempts to override agent behavior were detected in the instructions.
Audit Metadata