leadoo

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli Node.js package. This is a verified vendor-owned resource used for interacting with the Membrane platform and does not pose a third-party supply chain risk.
  • [COMMAND_EXECUTION]: The instructions utilize the membrane CLI to perform administrative and operational tasks such as logging in, creating connections, and running actions. These commands are localized to the vendor's ecosystem and intended for the skill's primary function.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Leadoo platform and user-defined intent strings, representing an indirect prompt injection surface.
      • Ingestion points: Outputs from membrane action run and search queries in membrane action list.
      • Boundary markers: None explicitly defined in the instructions.
      • Capability inventory: Execution of actions and CLI commands via the Membrane platform.
      • Sanitization: Handled by the underlying Membrane service infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:42 PM