lever
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the NPM registry which is a tool provided by the vendor for managing integrations.
- [COMMAND_EXECUTION]: Utilizes the local command line to execute membrane commands for authentication, connection management, and running Lever actions.
- [REMOTE_CODE_EXECUTION]: Implements the membrane action create functionality which allows for the dynamic generation and execution of code on the remote Membrane platform.
- [DATA_EXFILTRATION]: Accesses and processes sensitive recruitment information including candidate records and application notes from the Lever ATS.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Lever API which creates an indirect prompt injection surface. * Ingestion points: Candidate notes, opportunity descriptions, and application details retrieved via the CLI. * Boundary markers: Instructions do not specify delimiters or warnings to separate Lever data from agent logic. * Capability inventory: Shell command execution via the membrane CLI and remote action creation. * Sanitization: No sanitization or validation of data retrieved from Lever is described.
Audit Metadata