getprospect
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm. This is the official command-line interface for the Membrane platform, which is required to facilitate the integration and manage GetProspect data. - [COMMAND_EXECUTION]: The skill executes various
membraneshell commands to perform actions such as logging in, connecting to services, and running API-based actions. These commands are the standard operating procedure for the Membrane integration framework. - [SAFE]: The skill implements strong security practices by delegating credential management to the Membrane platform. It specifically instructs the agent to never ask for user secrets (API keys or tokens), reducing the risk of credential exposure.
- [SAFE]: Data processing involves reading contact and company information from GetProspect. While this represents a theoretical indirect injection surface common to all data-retrieval tools, the risk is minimized by the structured nature of the CRM data being retrieved.
Audit Metadata