leadboxer
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows best practices for authentication and uses official vendor tools.
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage from npm, which is the official tool provided by the authoring organization. - [COMMAND_EXECUTION]: Instructs the agent to use the
membraneCLI to perform integration tasks, search for actions, and run API requests. - [PROMPT_INJECTION]: The skill provides an interface to retrieve data from LeadBoxer, creating a surface for potential indirect prompt injection.
- Ingestion points: Lead details, events, and segments are fetched from the LeadBoxer API (SKILL.md).
- Boundary markers: None explicitly provided in the skill instructions.
- Capability inventory: Uses the
membraneCLI for network requests and data updates (SKILL.md). - Sanitization: Relies on the platform's action schema validation.
Audit Metadata