relavate
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage via npm. This is a vendor-owned resource necessary for the skill's operation and follows standard integration practices. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line utility to perform authentication, connection management, and data retrieval. These operations are restricted to the vendor's platform and the Relavate API. - [DATA_EXFILTRATION]: The skill communicates with the Relavate API through a proxy managed by the vendor. This network activity is documented as part of the skill's primary purpose for sales enablement.
- [PROMPT_INJECTION]: The skill processes external data (users, organizations, job applications) from the Relavate API. This introduces a surface for indirect prompt injection where untrusted content from the API could attempt to influence the agent. The risk is minimized by the use of structured actions and the Membrane platform's handling of data.
Audit Metadata