kadoa

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill features contradictory and misleading metadata. The description suggests CRM management (Leads, Deals), while the overview describes cloud infrastructure optimization. However, the functional actions provided in the skill relate to web scraping and data extraction. This inconsistency in metadata and documentation can result in misaligned agent behavior.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to the lack of sanitization when processing external data.
    • Ingestion points: Data is ingested from the Kadoa API through actions like get-workflow-data and through the --input flag in command execution.
    • Boundary markers: The skill lacks explicit delimiters or instructions to treat external data as untrusted content.
    • Capability inventory: The skill can execute shell commands via the CLI and make arbitrary network requests through the membrane request proxy tool.
    • Sanitization: No evidence of sanitization, validation, or escaping of retrieved data or user input is present.
  • [EXTERNAL_DOWNLOADS]: Instructs the user to install the @membranehq/cli tool from the npm registry.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to execute various shell commands for authentication, connection management, and action execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 09:51 AM