lever
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the "@membranehq/cli" package. This is a vendor-owned resource used for managing the integration.
- [COMMAND_EXECUTION]: The skill uses the "membrane" CLI to execute actions, manage connections, and perform proxy requests to the Lever API.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data from Lever.
  - Ingestion points: Data enters the context through actions like "list-opportunities", "get-opportunity", and "list-notes-for-opportunity" in "SKILL.md".
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the skill's instructions.
  - Capability inventory: The skill can create or modify Lever records and perform arbitrary API requests using "membrane request".
  - Sanitization: No evidence of sanitization or filtering of external candidate data was identified.