callfire
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill adheres to best practices by delegating credential management to the Membrane platform.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the @membranehq/cli package from npm, which is the official tool provided by the skill's author (membranedev).
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to manage integrations and execute actions, providing a structured way to interact with the CallFire API.
- [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection as it retrieves untrusted communication data (SMS messages, call logs) from the CallFire API.
  1. Ingestion points: Data enters the agent's context through CLI tool outputs described in SKILL.md (e.g., list-texts, list-calls).
  2. Boundary markers: Absent; the instructions do not include specific delimiters or instructions to ignore embedded commands in the retrieved data.
  3. Capability inventory: The skill defines local CLI execution (membrane) and package installation (npm) in SKILL.md.
  4. Sanitization: No specific sanitization or filtering logic is provided within the skill's instructions.
Audit Metadata