outreach
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (
@membranehq/cli) from npm. This is a legitimate package provided by the vendor to facilitate the integration. - [COMMAND_EXECUTION]: The skill uses system commands via the
membraneCLI to manage connections, list actions, and execute API requests. This is the primary intended functionality of the skill for interacting with the Outreach API. - [PROMPT_INJECTION]: The skill processes external data from Outreach (such as prospect records and task descriptions), which presents an attack surface for indirect prompt injection. * Ingestion points: Data retrieved via
list-prospects,get-prospect, and other Outreach actions. * Boundary markers: No explicit boundary markers or 'ignore' instructions are present in the documentation. * Capability inventory: Command execution via themembraneCLI and network requests viamembrane request. * Sanitization: Not explicitly implemented in the skill instructions, relying on default agent behavior.
Audit Metadata