gong
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `membrane` command-line utility to facilitate authentication and action execution. These commands, such as `membrane action run` and `membrane connect`, are standard operations for the vendor's integration framework and do not include unauthorized command execution.
- [EXTERNAL_DOWNLOADS]: The skill guides the installation of the `@membranehq/cli` npm package. This is an official tool from the vendor organization, and its installation is required for the intended functionality of the integration.
- [PROMPT_INJECTION]: The skill processes data from the Gong API, such as call transcripts, which constitutes a potential surface for indirect prompt injection. This is a characteristic of integrations that handle external content and is considered a baseline risk for this type of skill.
  - Ingestion points: Data from Gong is ingested via actions defined in `SKILL.md` like `get-call-transcripts` and `get-calls-extensive`.
  - Boundary markers: No specific delimiters or instruction-bypass warnings are defined for the processed data.
  - Capability inventory: The skill possesses the capability to run predefined actions, including creating or updating meetings and calls in Gong.
  - Sanitization: The skill relies on the standard data handling provided by the Membrane platform's action execution environment.
Audit Metadata