google-campaign-manager
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the official NPM registry. This is the standard delivery method for the vendor's command-line interface and is considered safe within the context of the skill's intended use. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to interact with external services. All commands (login, connect, action list/run) are part of the documented workflow for managing Google Campaign Manager 360 data through the Membrane platform. - [CREDENTIALS_SAFE]: The instructions explicitly forbid asking users for API keys or tokens, directing the agent to use the platform's server-side connection management. This reduces the risk of credential exposure in logs or prompts.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests data from external actions (Google Campaign Manager 360) and executes CLI commands, the risk is mitigated by the structured nature of the CLI tool and the platform's internal safeguards. No specific exploitation patterns were detected.
Audit Metadata