copper
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official @membranehq/cli package from the npm registry. This is a vendor-provided tool required for the integration's core functionality.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform authentication (membrane login), manage connections (membrane connect), and execute CRM actions (membrane action run). These are standard operations for the platform.
- [PROMPT_INJECTION]: The skill processes data from Copper CRM, such as leads and person records, which constitutes an indirect prompt injection surface. Ingestion points: CRM data retrieved from Copper through membrane actions. Boundary markers: No explicit delimiters or 'ignore' instructions are provided in the skill documentation for handling retrieved data. Capability inventory: The skill has the ability to execute shell commands via the membrane CLI. Sanitization: The skill does not describe specific sanitization steps for data retrieved from the CRM.
Audit Metadata