sierra-interactive
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the membrane CLI to perform operations such as listing connections, searching for actions, and executing API calls.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the @membranehq/cli package via npm to facilitate communication with the Membrane platform.
- [PROMPT_INJECTION]: Exposure to indirect prompt injection through data ingested from the Sierra Interactive API. 1. Ingestion points: CRM entities like Lead notes, tasks, and messages fetched via the membrane action run and membrane request commands in SKILL.md. 2. Boundary markers: Not present; the instructions do not specify the use of delimiters for external data. 3. Capability inventory: The skill provides capabilities to run actions and make arbitrary API requests through the proxy (SKILL.md). 4. Sanitization: There is no description of data sanitization or instruction filtering for content returned by the external API.
Audit Metadata