lemlist
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to perform operations such as searching for connectors, creating connections, and running API actions. These operations are part of the skill's primary functionality for automation. - [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the
@membranehq/clipackage via NPM. This is a legitimate utility provided by the skill's author for managing API integrations. - [CREDENTIALS_UNSAFE]: The skill demonstrates good security posture by explicitly instructing the agent never to ask for API keys or secrets. Instead, it leverages Membrane's server-side connection management to handle the OAuth/authentication lifecycle.
- [DATA_EXFILTRATION]: While the skill communicates with Lemlist and Membrane's infrastructure, this is the intended data flow for a sales automation integration. No unauthorized or suspicious data exfiltration was detected.
Audit Metadata