leadconduit

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official Membrane CLI tool (@membranehq/cli) from the public NPM registry.
  • [COMMAND_EXECUTION]: Utilizes shell commands through the membrane CLI to authenticate, manage connections, and execute LeadConduit actions.
  • [PROMPT_INJECTION]: The skill processes output from LeadConduit actions and discovery results, which presents an indirect prompt injection surface.
      * Ingestion points: Action run outputs and action discovery results enter the agent context in SKILL.md.
      * Boundary markers: No specific delimiters or instructions to ignore embedded commands are present.
      * Capability inventory: Includes shell command execution via the membrane CLI in SKILL.md.
      * Sanitization: External content is processed without explicit validation or escaping defined in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 11:42 AM