sprinklr
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool (@membranehq/cli) from the NPM registry to facilitate communication with the integration platform.
- [COMMAND_EXECUTION]: The skill uses local shell commands to interact with the Membrane platform for connection management, action discovery, and API execution.
- [PROMPT_INJECTION]: The skill processes data fetched from Sprinklr (such as posts, messages, and reports), which introduces a potential surface for indirect prompt injection if the external data contains instructions meant to influence the agent's behavior.
- Ingestion points: Data retrieved via 'membrane action run' and 'membrane request' enters the agent context.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between platform instructions and untrusted data from Sprinklr.
- Capability inventory: The skill allows for running arbitrary actions and making proxied HTTP requests to the Sprinklr API.
- Sanitization: The skill relies on the Membrane platform's handling of API responses and data mapping.
Audit Metadata