kustomer
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI tool (`@membranehq/cli`) from the npm registry. This is an official package from the skill's authoring organization.
- [COMMAND_EXECUTION]: Employs the `membrane` command-line utility to perform administrative tasks, manage connections, and execute business logic within the Kustomer environment. This includes direct API interaction capabilities via a proxy command.
- [PROMPT_INJECTION]: Potential for indirect prompt injection as the skill is designed to ingest and process data from external Kustomer records, such as support tickets, messages, and customer notes, which are controlled by third parties.
  - Ingestion points: Customer profiles, conversation history, and message content retrieved via the `list-messages`, `get-customer-by-email`, and `list-conversations` actions.
  - Boundary markers: The instructions do not define specific delimiters for separating Kustomer data from agent instructions.
  - Capability inventory: The skill allows reading and writing CRM data, as well as making arbitrary network requests through the `membrane request` tool.
  - Sanitization: No explicit sanitization or filtering of the retrieved CRM data is described in the skill content.
Audit Metadata