nocrmio
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from npm. This is a vendor-owned resource used to facilitate the integration. - [COMMAND_EXECUTION]: Interaction with NoCRM.io is performed through shell commands using the
membraneCLI, including logging in, connecting to the service, and running actions. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from NoCRM.io (such as Leads, Notes, and Activities) which represents a surface for indirect prompt injection. This is an inherent risk of CRM integration skills.
- Ingestion points: NoCRM.io Lead, Person, Organization, Activity, Note, and File data in SKILL.md.
- Boundary markers: None specified in the instructions.
- Capability inventory: Command execution and action management via the Membrane CLI.
- Sanitization: Not specified; the skill relies on the underlying platform's handling of data.
Audit Metadata