kustomer
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membraneCLI to manage connections, discover actions, and execute API calls. This is a standard and intended use of the platform's tooling. - [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@membranehq/clipackage from the official npm registry. As this is a vendor-owned resource (membranedev/membranehq), it is considered a safe and expected dependency for the skill's functionality. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from an external CRM (Kustomer).
- Ingestion points: Data retrieved via
membrane action run(e.g., customer details, conversation messages, notes) enters the agent's context. - Boundary markers: None explicitly provided in the skill instructions to delimit external data from agent instructions.
- Capability inventory: The skill has the capability to write data (create/update customers and conversations) and execute platform-generated actions via the
membraneCLI. - Sanitization: The skill relies on the underlying agent's safety protocols and the Membrane platform's execution environment for sanitization.
Audit Metadata