kommo
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' package from the npm registry to enable interaction with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions involve running various 'membrane' CLI commands to manage authentication tokens, list CRM actions, and execute requests against the Kommo API.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from an external CRM. • Ingestion points: Data is ingested from Kommo records via the 'membrane action run' command output in SKILL.md. • Boundary markers: No explicit delimiters or 'ignore' instructions are used to separate CRM data from agent instructions. • Capability inventory: The skill executes shell commands via the CLI as specified in SKILL.md. • Sanitization: No sanitization of CRM data is performed before it is presented to the agent.
Audit Metadata