civicrm
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the official npm registry. This is a vendor-provided tool required for platform interaction.
- [COMMAND_EXECUTION]: Utilizes terminal commands via the membrane CLI to perform authentication, connection management, and execution of CiviCRM actions.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to the ingestion of external data.
  - Ingestion points: Untrusted data enters the agent context through CLI commands that retrieve CiviCRM records, such as list-contacts and get-activity.
  - Boundary markers: The instructions do not define delimiters or protective warnings to isolate ingested CRM data from the agent's execution logic.
  - Capability inventory: The skill possesses write capabilities including creating, updating, and deleting contacts, activities, and contributions in the connected CiviCRM instance.
  - Sanitization: There is no evidence of data sanitization or structural validation performed on the retrieved CiviCRM content before it is processed by the agent.