workbooks-crm
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to interact with Workbooks CRM. This is the primary intended function of the skill and relies on the vendor's own command-line interface. - [EXTERNAL_DOWNLOADS]: The instructions include installing the
@membranehq/clipackage via npm. This is an official package from the skill's author/vendor and is required for the skill to function. - [DATA_EXFILTRATION]: The skill implements a secure approach to data handling by using a proxy (
membrane request) that manages authentication headers server-side, preventing the need to expose or handle raw API keys within the local environment. - [PROMPT_INJECTION]: As the skill retrieves and processes data from an external CRM, it is theoretically susceptible to indirect prompt injection if malicious instructions are stored within CRM records.
- Ingestion points: Results from
membrane action runandmembrane requestcommands in SKILL.md. - Boundary markers: None explicitly defined in the prompt templates.
- Capability inventory: Execution of shell commands via the
membraneCLI. - Sanitization: No explicit sanitization or escaping of CRM data is described in the provided instructions.
Audit Metadata