nectar-crm
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (
@membranehq/cli) from the official registry. This is a vendor-provided tool required for the skill's operation. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to interact with the Nectar CRM API, including running predefined actions and making raw HTTP requests. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external CRM data.
- Ingestion points: Untrusted data enters the agent context through the outputs of CRM queries (e.g., retrieval of Notes, Persons, or Organizations) via the
membrane action runandmembrane requestcommands. - Boundary markers: Absent; the instructions do not implement delimiters or warnings to ignore instructions embedded within the retrieved CRM data.
- Capability inventory: The agent has the ability to write data back to the CRM and make arbitrary network requests through the Membrane proxy using
membrane requestin SKILL.md. - Sanitization: Absent; there is no evidence of validation or sanitization performed on the content retrieved from the external API before it is processed by the agent.
Audit Metadata