really-simple-systems-crm
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for authentication, connection management, and running CRM actions. These commands are central to the skill's functionality.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the @membranehq/cli package from the npm registry. This is the official CLI provided by the vendor (membranedev) for interacting with their platform.
- [REMOTE_CODE_EXECUTION]: The use of npx @membranehq/cli@latest to discover actions involves fetching and executing the vendor's tool directly from the npm registry.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks common to CRM integrations where untrusted data is retrieved into the agent's context. 1. Ingestion points: External data from CRM records (Contacts, Opportunities, etc.) accessed via membrane action run. 2. Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands within the CRM data. 3. Capability inventory: The skill allows command execution through the membrane CLI and can create new actions via membrane action create. 4. Sanitization: There is no mention of data validation or escaping for the content retrieved from the CRM.
Audit Metadata