kickofflabs
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to install the Membrane CLI globally (
npm install -g @membranehq/cli@latest) and use it for authentication and action management. These are standard operations for this vendor's ecosystem. - [EXTERNAL_DOWNLOADS]: Fetches the official CLI tool from the NPM registry. The package
@membranehq/cliis a verified resource belonging to the skill's authoring organization. - [DATA_EXFILTRATION]: While the skill involves network operations to fetch and manage KickoffLabs data, it uses a mediated connection through the Membrane platform which handles authentication securely without exposing API keys to the agent's local environment.
- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection because the agent processes external data from KickoffLabs (such as lead tags or campaign stats). However, this is the primary intended function of the skill and no specific vulnerabilities were detected.
Audit Metadata