smartsuite
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry, which is the standard tool for interacting with the vendor's platform. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform authentication, create connections, and run actions against the SmartSuite API. - [PROMPT_INJECTION]: The skill is a consumer of external data from SmartSuite (such as table records and comments), which represents a surface for indirect prompt injection.
- Ingestion points: Data retrieved from SmartSuite solutions, tables, and records via CLI actions.
- Boundary markers: The instructions do not define specific delimiters for separating untrusted data from the agent's instructions.
- Capability inventory: The skill can execute shell commands via the CLI to list, create, and run actions.
- Sanitization: No explicit content validation or sanitization of retrieved data is mentioned.
Audit Metadata