replyio
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the official CLI tool from the vendor (
@membranehq/cli), which is an expected and verified dependency for this integration.\n- [SAFE]: Authentication is managed through a secure cloud-based flow (membrane loginandmembrane connect). This approach prevents the need for hardcoded credentials or the manual handling of sensitive API tokens within the skill environment.\n- [COMMAND_EXECUTION]: The skill instructions involve executing themembraneCLI to perform specific integration tasks. These commands are limited to interacting with the Reply.io API via the vendor's proxy and do not include any arbitrary or high-risk system command execution.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process external data from Reply.io (such as lead activities and notes). If the source data contains malicious instructions, the agent could potentially be influenced.\n - Ingestion points: Data retrieved from Reply.io via
membrane action runandmembrane requestcommands.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided markdown.\n
- Capability inventory: The skill allows for reading and writing data (persons, organizations, sequences) and making arbitrary API requests to Reply.io via the proxy.\n
- Sanitization: No specific sanitization or filtering logic is described in the skill instructions.
Audit Metadata