lemlist
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes the
@membranehq/cliNode.js package, which is the official command-line interface for the Membrane platform. All external downloads and references are directed toward the vendor's established domains and official GitHub repositories. - [SAFE]: Credential management is handled through a secure connection-based model (
membrane connect). The instructions explicitly advise against asking users for API keys, instead relying on the platform to manage authentication lifecycles server-side, which prevents local credential exposure. - [SAFE]: No obfuscation, persistence mechanisms, or malicious prompt injection patterns were detected. The commands provided are standard for interacting with the Membrane ecosystem.
- [SAFE]: While the skill involves reading output from CLI commands that could potentially contain data from Lemlist (a surface for indirect prompt injection), it does not perform unsafe interpolation or provide high-risk capabilities that would escalate the threat level beyond routine tool usage.
Audit Metadata