lusha
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of
@membranehq/clivia npm. This is a trusted resource from the official vendor scope. - [COMMAND_EXECUTION]: Functionality is implemented through standard
membraneCLI commands for connection and action management. These are restricted to the intended purpose of the Lusha integration. - [PROMPT_INJECTION]: The skill retrieves contact and company information from the Lusha API.
- Ingestion points: Data enters the context via
membrane action runoutput (SKILL.md). - Boundary markers: None present.
- Capability inventory: The skill allows for action execution and connection management within the Membrane platform; it does not have access to sensitive local files or system configuration.
- Sanitization: Not specified in the instructions, however, the limited capabilities of the skill reduce the impact of potential indirect injections.
Audit Metadata