justcall
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a legitimate set of instructions for managing JustCall data via the Membrane CLI. All external resources, including the npm package
@membranehq/cliand thegetmembrane.comdomain, are official resources from the vendor (membranedev). - [COMMAND_EXECUTION]: The skill guides the user to perform operations using the
membraneCLI. This is the intended primary functionality for this integration and does not involve unauthorized activities or dangerous shell patterns. - [PROMPT_INJECTION]: The skill processes external data from JustCall (such as SMS messages and contact notes) which could contain instructions intended to influence the agent's behavior (indirect prompt injection). This is an inherent surface for communication skills.
- Ingestion points: Data is retrieved from the JustCall API using
membrane action runandmembrane requestcommands inSKILL.md. - Boundary markers: No specific delimiters or "ignore" instructions are provided for handling external data.
- Capability inventory: The skill utilizes the
membraneCLI for network requests and data management as described inSKILL.md. - Sanitization: No explicit sanitization or validation of the retrieved content is described in the skill instructions.
Audit Metadata