aircall

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the NPM registry using npm install -g @membranehq/cli@latest. This is a legitimate installation of the developer's official tooling.
  • [COMMAND_EXECUTION]: The skill uses several shell commands via the membrane CLI (e.g., membrane login, membrane connect, membrane action run). These are standard operations for the platform's functionality and do not involve suspicious parameters or privilege escalation.
  • [DATA_EXPOSURE]: The skill is designed to interact with Aircall data, including calls, users, and phone numbers. The instructions emphasize that credentials should not be asked for directly, as they are managed server-side by Membrane, which is a security best practice.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from the Aircall API, which represents a potential injection surface.
      • Ingestion points: Data enters the context via membrane action run when fetching calls, users, or contacts.
      • Boundary markers: None explicitly defined in the instructions.
      • Capability inventory: The skill can execute actions (membrane action run) and dynamically create new ones (membrane action create).
      • Sanitization: Not documented within the skill file, likely handled by the underlying CLI or platform. Given the primary purpose of the skill is API integration, this is considered a standard operational risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 08:48 PM