Skills
skills/membranedev/application-skills/dialmycalls/Gen Agent Trust Hub

dialmycalls

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm, which is the official tool used to facilitate the integration.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations such as membrane login, membrane connect, and membrane action run. These commands are used to manage authentication and execute specific DialMyCalls API actions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from an external source (DialMyCalls).
  • Ingestion points: External data enters the agent context through actions such as list-contacts, get-recording, and list-text-broadcasts as described in SKILL.md.
  • Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" markers when handling data from these ingestion points.
  • Capability inventory: The skill has the capability to write data or perform actions like create-call-broadcast, create-text-broadcast, and delete-contact via the membrane action run command.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from DialMyCalls before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 08:53 PM