lagrowthmachine
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from npm. This is the official command-line interface provided by the vendor (Membrane) to interact with their services. - [COMMAND_EXECUTION]: It utilizes the
membraneCLI to perform various tasks such as authentication (membrane login), connection management (membrane connect), and executing specific LaGrowthMachine actions (membrane action run). - [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill facilitates legitimate data exchange between the user's environment and the LaGrowthMachine API via the Membrane proxy, with authentication handled server-side.
- [PROMPT_INJECTION]: The skill functions as an interface for external data (e.g., lead information and messages), which represents a potential surface for indirect prompt injection if the retrieved content contains instructions for the AI. However, the skill is designed for specific automation tasks and does not bypass safety controls.
- Ingestion points: Retrieves lead data, campaign statistics, and member lists from LaGrowthMachine (SKILL.md).
- Boundary markers: None explicitly mentioned in the skill's instruction set.
- Capability inventory: Includes capabilities to send email and LinkedIn messages, update lead statuses, and manage webhooks (SKILL.md).
- Sanitization: Execution relies on the Membrane platform's internal handling of API requests and the AI's standard safety layers.
Audit Metadata