pancake-crm

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package via npm. This is the official utility for the Membrane platform, provided by the skill's author.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of various commands using the membrane CLI to manage authentication, connections, and CRM records. This includes membrane login, membrane connect, and membrane action run.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) due to how it handles natural language inputs and dynamic actions.
      • Ingestion points: Untrusted data enters the context through user-provided queries in membrane action list --intent "QUERY", action descriptions in membrane action create "DESCRIPTION", and JSON parameters in membrane action run --input.
      • Boundary markers: The skill does not define specific delimiters or instructions for the agent to distinguish between its own logic and potentially malicious instructions embedded in the intent strings or CRM data.
      • Capability inventory: The skill allows the agent to create and execute actions that can read from or write to the connected Pancake CRM account.
      • Sanitization: There is no evidence of input validation or sanitization for the strings passed to the CLI flags.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 07:37 PM