salesloft
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the public npm registry. This is the official command-line interface provided by the vendor to facilitate the integration.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI for operational tasks, including logging in, connecting to the Salesloft connector, and executing specific actions like searching for or creating person records.
- [PROMPT_INJECTION]: As the skill ingests data from Salesloft (such as notes, templates, and person records), it possesses an indirect prompt injection surface.
  - Ingestion points: External data is retrieved from Salesloft via `membrane action run` (SKILL.md).
  - Boundary markers: The instructions do not specify boundary markers for the retrieved content.
  - Capability inventory: The skill can execute various actions including creating or modifying data in Salesloft.
  - Sanitization: There are no explicit sanitization steps defined for handling external data strings before processing.
Audit Metadata