syncro
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package, which is an official tool provided by the vendor (membranedev) for managing the integration and is assessed as safe.
- [PROMPT_INJECTION]: The skill processes data from Syncro, such as tickets and email content, which presents a potential surface for indirect prompt injection. This is an inherent property of integration skills that process external content and is considered safe within the context of its primary purpose.
- Ingestion points: Syncro tickets, emails, and user data retrieved via action run (SKILL.md)
- Boundary markers: None specified in the instructions
- Capability inventory: The agent can execute Syncro actions and make arbitrary API requests via the CLI (SKILL.md)
- Sanitization: Not specified
Audit Metadata