salesflare
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is a standard vendor-provided tool used to manage the integration and authentication process. - [COMMAND_EXECUTION]: The skill uses shell commands to interact with the
membraneCLI for logging in, searching for connectors, and executing API actions. These commands are necessary for the skill's primary purpose. - [PROMPT_INJECTION]: The skill processes external CRM data from Salesflare, which creates an indirect prompt injection surface. Malicious content within the CRM records could potentially influence agent behavior. Ingestion points: Salesflare records accessed via
membrane action listandmembrane request. Boundary markers: None specified. Capability inventory: Ability to run actions and perform arbitrary API requests through the proxy. Sanitization: Not explicitly mentioned in the skill instructions.
Audit Metadata