smarty
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions require the installation of the @membranehq/cli package from npm. This is a trusted vendor-owned resource used to manage platform integrations.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI for all operations including authentication and API interaction. These commands are standard for the intended use case within the Membrane ecosystem.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes data from external APIs.
  1. Ingestion points: External data enters the context via membrane action run and membrane request outputs.
  2. Boundary markers: There are no specific delimiters or instructions provided to the agent to treat external content as untrusted data.
  3. Capability inventory: The agent can execute platform commands and perform network operations through the Membrane proxy.
  4. Sanitization: No explicit sanitization or filtering of external API data is performed.
- [SAFE]: There is a high level of inconsistency in the documentation metadata; the description mentions CRM entities, the overview describes a PHP library, and the actions list address verification tools. This is evaluated as a non-malicious documentation error.