kartra
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the installation and use of the
@membranehq/clipackage to facilitate communication between the agent, the Membrane platform, and the Kartra API. This includes commands for global package installation and local execution of integration logic. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
- Ingestion points: The skill retrieves potentially untrusted data (e.g., lead names, custom field values, transaction notes) from Kartra via actions like
get-leadandretrieve-transactions-from-lead(SKILL.md). - Boundary markers: There are no specified delimiters or instructions for the agent to distinguish between its own instructions and data retrieved from Kartra.
- Capability inventory: The skill possesses high-impact capabilities that could be abused if malicious instructions are present in the ingested data, including
refund-transaction,cancel-subscription, andrevoke-membership-access(SKILL.md). - Sanitization: No sanitization or validation logic is defined for data fetched from the external API before it enters the agent's context.
Audit Metadata