kindful
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Membrane CLI (
membrane) to perform CRM operations, search for actions, and proxy API requests. This is the primary intended functionality of the skill. - [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage via npm. This package is a vendor-owned resource provided by the skill author (membranedev) for interacting with their platform. - [PROMPT_INJECTION]: The skill processes external data from Kindful (such as contact records and activities), which presents a potential surface for indirect prompt injection.
- Ingestion points: Data retrieved from Kindful via
membrane action runandmembrane requestcommands. - Boundary markers: None specified in the instructions.
- Capability inventory: The agent has the ability to execute shell commands (
membraneCLI) and perform network requests to the Kindful API. - Sanitization: No specific sanitization or validation of the retrieved CRM data is described in the prompt logic.
Audit Metadata