lusha
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/cliglobal npm package. This package is the official command-line interface for the Membrane platform. - [COMMAND_EXECUTION]: Executes shell commands via the
membraneCLI to perform authentication (membrane login), connection setup (membrane connect), and action execution (membrane action run). - [CREDENTIALS_UNSAFE]: The skill adheres to security best practices by explicitly advising against asking for or storing API keys locally, delegating all credential management to the Membrane platform.
- [PROMPT_INJECTION]: The skill ingests contact and company data from the Lusha API (ingestion points in SKILL.md:
membrane action run,membrane request). This data enters the agent context and represents an indirect prompt injection surface. The skill relies on standard tool outputs (capability inventory:membranesubprocess calls) and relies on structured data usage over raw API calls to mitigate risk.
Audit Metadata