lagrowthmachine
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the public npm registry to enable platform integration. - [COMMAND_EXECUTION]: The skill functions by executing shell commands using the
membraneutility to manage connections, discover actions, and perform CRM tasks. - [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection as it processes data from external CRM sources.
- Ingestion points: External lead, campaign, and organization data retrieved via the
membrane action runandmembrane action listcommands. - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for data processed from the LaGrowthMachine API.
- Capability inventory: The agent can execute arbitrary commands via the
membraneCLI tool as defined in the skill instructions. - Sanitization: No explicit sanitization or validation of content returned from external API actions is defined within the skill's operational flow.
Audit Metadata