lastpass-enterprise-api
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/clifrom the public npm registry. This is an expected installation of a vendor-owned utility to interact with the service. - [COMMAND_EXECUTION]: The instructions involve executing various
membraneCLI commands to authenticate, search for connectors, and run actions. These are core to the skill's functionality for managing LastPass data. - [PROMPT_INJECTION]: The skill reads data from the LastPass Enterprise API, including user lists, groups, and password records. This constitutes an indirect prompt injection surface as the agent processes content from an external source, although this is inherent to the skill's purpose of managing enterprise data.
Audit Metadata