agendor
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via npm. This is an official tool provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill guides the agent to use
membraneCLI commands to list, create, and run actions. These commands are the primary method of interacting with the Agendor API through the Membrane proxy. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by delegating authentication to the Membrane platform. It explicitly advises against asking users for API keys, instead using a connection-based flow where secrets are managed server-side.
- [DATA_EXFILTRATION]: While the skill accesses external CRM data, it does so through the vendor's established infrastructure. There are no patterns suggesting unauthorized data exfiltration to third-party domains.
- [PROMPT_INJECTION]: The skill processes external data from Agendor (such as deal descriptions or task names), which inherently presents a surface for indirect prompt injection. However, this is consistent with the primary purpose of a CRM integration tool and does not include autonomous high-risk capabilities.
Audit Metadata