clinchpad
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from npm, which is the official tool for interacting with the author's platform.
- [COMMAND_EXECUTION]: Shell commands are used to authenticate, manage connections, and execute ClinchPad actions via the membrane CLI.
- [DATA_EXFILTRATION]: The skill facilitates the transfer of CRM data to and from the ClinchPad API through the Membrane platform. This is the intended purpose of the integration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: User input is incorporated into the intent and description parameters of the membrane action list and membrane action create commands (SKILL.md). Boundary markers: None identified. Capability inventory: The CLI commands involve network operations and potential data modification in the ClinchPad account (SKILL.md). Sanitization: No explicit sanitization of user-provided strings is described.
Audit Metadata