kartra
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the vendor's official command-line tool, which is installed from the npm registry.
- [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to manage authentication and interact with Kartra's marketing automation platform.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from the Kartra API which is then processed by the agent.
- Ingestion points: Data is retrieved via membrane action list, membrane action run, and membrane request commands.
- Boundary markers: None identified.
- Capability inventory: The skill can perform state-changing operations in Kartra such as lead creation, subscription management, and membership access control.
- Sanitization: No explicit sanitization or validation of the external API data is mentioned.
Audit Metadata