leadiq
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry. This is a standard dependency provided by the vendor to facilitate interaction with their integration platform. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform login, connection management, and action execution. These operations are necessary for the skill's intended functionality of interacting with the LeadIQ service. - [DATA_EXFILTRATION]: Authentication is managed through the Membrane CLI's secure login flow, ensuring that API keys and tokens are handled by the platform rather than being exposed in the skill or stored locally by the agent.
- [PROMPT_INJECTION]: The skill processes data fetched from LeadIQ actions, creating a surface for potential indirect prompt injection. Ingestion points: Output from
membrane action runcommands. Boundary markers: None specified. Capability inventory: Shell command execution via themembraneCLI. Sanitization: Relies on the security of the underlying platform.
Audit Metadata