krayin
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run the
membranecommand-line tool for authentication, connection management, and record manipulation. - [EXTERNAL_DOWNLOADS]: Downloads and installs the vendor-managed
@membranehq/clipackage from the npm registry. - [REMOTE_CODE_EXECUTION]: Utilizes
npxto execute the latest version of the Membrane CLI tool directly from the network during action discovery. - [PROMPT_INJECTION]: Ingesting data from the Krayin CRM platform creates a vulnerability to indirect prompt injection.
- Ingestion points: Content returned from commands like
membrane action runandmembrane request(found in SKILL.md). - Boundary markers: Absent; the instructions do not include specific delimiters or warnings to ignore embedded instructions in external data.
- Capability inventory: The skill allows the agent to execute shell commands (
membrane) which can modify state in the external CRM. - Sanitization: There is no mention of sanitizing, escaping, or validating the data retrieved from the CRM before it is processed.
Audit Metadata