smartengage
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official @membranehq/cli package from npm to facilitate integration tasks.
- [COMMAND_EXECUTION]: Shell commands are used to manage connections and execute actions within the SmartEngage ecosystem.
- [DATA_EXFILTRATION]: User data and parameters are transmitted to SmartEngage API endpoints through a proxy mechanism.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external data from SmartEngage.
- Ingestion points: API response data from SmartEngage.
- Boundary markers: None.
- Capability inventory: Ability to perform write actions and proxy HTTP requests.
- Sanitization: No data sanitization is documented.
Audit Metadata