pipeliner-crm
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the public npm registry. This is the official command-line tool for the Membrane platform as described in the skill metadata and homepage. - [COMMAND_EXECUTION]: It uses the
membraneCLI to perform operations such as authentication, listing CRM entities, and executing actions. These commands are necessary for the skill's functionality and do not involve unauthorized system access. - [SAFE]: The skill explicitly includes best practice advice to never ask the user for API keys or tokens, relying instead on server-side connection management provided by the Membrane platform.
- [PROMPT_INJECTION]: While the skill interacts with external CRM data which could potentially contain indirect prompt injections, it is a standard data ingestion surface for this type of integration and lacks any specific malicious patterns or high-risk execution capabilities tied to the ingested data.
Audit Metadata