nimble-crm
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data.
- Ingestion points: Data fetched from Nimble CRM via
membrane action runandmembrane requestcommands. - Boundary markers: The instructions do not specify any delimiters or safety warnings for the agent when interpreting data returned from the CRM.
- Capability inventory: The agent has the ability to run shell commands (via the Membrane CLI) and perform network requests.
- Sanitization: No sanitization or validation steps are provided for the data retrieved from the external API.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage globally via npm. This is an official tool provided by the vendor for managing integrations.
Audit Metadata