jobnimbus
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry, which is the official command-line interface provided by the author (Membrane) to manage its integrations. - [COMMAND_EXECUTION]: The skill utilizes shell commands through the
membraneCLI to manage authentication, establish connections, and execute API actions. These operations are core to the skill's functionality. - [PROMPT_INJECTION]: The skill ingests data from external Jobnimbus objects such as contacts, jobs, and tasks. This creates a potential surface for indirect prompt injection if those objects contain adversarial instructions, although no active vulnerabilities or exploits were detected in the skill's logic.
Audit Metadata