nimble-crm
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@membranehq/cli` package from npm. This is the official tool provided by the vendor for managing integrations.
- [COMMAND_EXECUTION]: All functionality is accessed via the `membrane` command-line tool. This includes logging in, connecting to Nimble, and running specific CRM actions.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes data retrieved from external CRM records.
  - Ingestion points: Data returned from `membrane action run` is intended to be processed and interpreted by the agent.
  - Boundary markers: The instructions do not define specific delimiters or boundary markers for the data returned from CRM actions.
  - Capability inventory: The skill includes capabilities to search, create, and execute actions via the CLI.
  - Sanitization: No automated sanitization of the CRM data is mentioned before it reaches the agent's context.
Audit Metadata