keap
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from NPM. This is a legitimate utility provided by the vendor (membranedev) to facilitate communication with the Keap API. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to authenticate (login), search for connectors, and execute API actions. These operations are restricted to the functionality of the Membrane platform and the Keap integration. - [PROMPT_INJECTION]: The skill processes untrusted data retrieved from external CRM records, such as Contact notes or Task descriptions. This creates a surface for Indirect Prompt Injection.
- Ingestion points: Data enters the context through
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: None explicitly defined in the provided instructions to separate CRM data from agent instructions.
- Capability inventory: The agent can execute shell commands via the CLI to modify CRM data or perform network requests via the Membrane proxy (SKILL.md).
- Sanitization: No specific sanitization or validation of the retrieved CRM data is described.
Audit Metadata