kite-suite
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm. This is a vendor-owned resource necessary for the integration's core functionality. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage connections and execute actions within Kite Suite. These commands are used according to their documented purpose for sales outreach automation. - [PROMPT_INJECTION]: The skill retrieves external data from Kite Suite (such as project and task details), which serves as an ingestion point for potential indirect prompt injection.
- Ingestion points: Kite Suite data is fetched via the
membraneCLI commands described inSKILL.md. - Boundary markers: Absent from the skill's instructions.
- Capability inventory: Capabilities are limited to Membrane-mediated API requests; there is no access to high-risk functions such as arbitrary shell execution or filesystem modification.
- Sanitization: The skill relies on the agent's standard processing of structured JSON output from the CLI.
Audit Metadata