espocrm
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line tool for the vendor's platform.\n- [COMMAND_EXECUTION]: The skill uses shell commands via themembraneCLI for operations including authentication, service connection, and running pre-defined actions. These operations are intended for the skill's functionality.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its interaction with external CRM data.\n - Ingestion points: Untrusted data enters the agent's context from various EspoCRM records (e.g., Leads, Tasks, Contacts) when the agent retrieves information using
membrane action run.\n - Boundary markers: No explicit delimiters or system instructions are provided to the agent to treat the retrieved CRM content as untrusted data or to ignore embedded commands.\n
- Capability inventory: The agent has the capability to execute shell commands (
membraneCLI) that can modify data in the CRM or trigger new actions based on instructions it might find in the ingested data.\n - Sanitization: There is no indication of sanitization or validation of the content retrieved from the EspoCRM API before it is processed by the agent.
Audit Metadata