brevo
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the official NPM registry. This is a standard procedure for using the vendor's tooling and does not pose a security risk. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations like logging in, connecting to services, and running actions. These commands are part of the intended functionality for interacting with the Brevo API via the Membrane platform. - [DATA_EXFILTRATION]: The skill explicitly advises against asking users for secrets or API keys, recommending instead the use of Membrane's managed connection system. This is a positive security practice that prevents sensitive credential exposure within the agent environment.
- [DYNAMIC_EXECUTION]: The
membrane action createcommand allows the platform to generate new integration logic based on a natural language description. This process occurs on the vendor's platform and is a documented feature of the service. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from the Brevo CRM (e.g., contacts, deals). While this involves ingesting external data, the risk is mitigated by the use of structured JSON output and the specialized nature of the CRM integration.
Audit Metadata