uplead
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
@membranehq/clipackage from the public NPM registry. This is the official command-line interface for the Membrane platform (the skill's authoring organization) and is required for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as authentication, searching for connectors, and executing API actions. These commands are restricted to the context of the platform's integration framework. - [DATA_EXFILTRATION]: The skill handles data from UpLead, but it does so through the Membrane proxy service (
membrane request). This approach is designed to keep credentials and raw API traffic within the authenticated platform environment rather than exposing them directly in the agent's scripts. - [INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the UpLead API and Membrane actions.
- Ingestion points: External data enters the agent context via the output of
membrane action runandmembrane requestcommands. - Boundary markers: None explicitly defined in the provided markdown instructions.
- Capability inventory: The skill can execute shell commands via the
membraneCLI and make network requests through the platform's proxy. - Sanitization: There are no explicit instructions for sanitizing or escaping the data returned from the API before it is processed by the agent. While this presents a surface for indirect prompt injection if the API returns malicious content, it is a standard risk for integration skills and is mitigated by the platform's architecture.
Audit Metadata