webcrm
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from NPM. This is an official vendor tool used to facilitate the connection between the agent and WebCRM. - [COMMAND_EXECUTION]: The skill executes shell commands using the
membraneCLI to manage connections and run CRM actions. These operations are restricted to the functionality provided by the Membrane platform. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from WebCRM records (SKILL.md). While boundary markers and explicit sanitization are not defined in the instructions, the risk is mitigated by the use of structured actions and secure credential handling via the Membrane service. Capability inventory: shell command execution via
membraneCLI.
Audit Metadata