Skills
skills/membranedev/application-skills/nethunt-crm/Gen Agent Trust Hub

nethunt-crm

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the NPM registry. This is the official command-line interface for the Membrane platform, which is the intended environment for this skill.
  • [COMMAND_EXECUTION]: The skill uses various shell commands through the membrane CLI to perform authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These commands are standard operations for managing integrations within the Membrane ecosystem.
  • [DATA_EXFILTRATION]: Authentication is handled via a secure OAuth-style flow where the user interacts with the browser or a login code. The agent is specifically instructed not to handle raw credentials or API keys, as Membrane manages secrets server-side, which is a security best practice for CRM integrations.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface as it reads data from NetHunt CRM (such as Lead or Deal descriptions). While this data could theoretically contain malicious instructions, the skill uses structured actions and managed execution through the Membrane platform, which provides an abstraction layer between the external data and the agent's core instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 07:09 AM
Security Audit — agent-trust-hub — nethunt-crm