labsmobile
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official CLI tool provided by the vendor (Membrane) to facilitate API integrations. - [COMMAND_EXECUTION]: The skill executes several shell commands through the
membraneCLI to manage authentication (membrane login), establish connections (membrane connect), and perform API actions (membrane action run). These are standard operations for the tool's intended use. - [DATA_EXFILTRATION]: By design, the skill transmits user-provided SMS content and contact data to the LabsMobile external API. This data transfer is the primary function of the skill and is performed through a managed connection.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from external sources (SMS messages and campaign reports).
- Ingestion points: Untrusted data enters the context through
membrane action runwhen retrieving SMS messages or reports. - Boundary markers: None are specified in the instructions to delimit external content from agent instructions.
- Capability inventory: The agent has the capability to execute shell commands via the CLI and send outgoing SMS messages.
- Sanitization: No explicit sanitization or filtering of the retrieved SMS content is mentioned, which is a common surface for indirect injection attacks.
Audit Metadata