leapfin
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the npm registry to interact with the platform. This is an official tool from the skill's author.
- [COMMAND_EXECUTION]: The skill executes `membrane` CLI commands to authenticate, list actions, and perform data operations. These are necessary for the skill's primary functionality.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through its data ingestion workflows.
  * Ingestion points: Data enters the agent's context from Leapfin records and API responses via CLI commands such as `membrane action run` and `membrane request`.
  * Boundary markers: The instructions do not define delimiters or provide warnings to the agent to treat external data as untrusted.
  * Capability inventory: The agent has the ability to run shell commands and perform network operations via the Membrane proxy.
  * Sanitization: There is no mention of sanitizing or validating external data before it is processed by the AI.
Audit Metadata