replyio

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the Membrane CLI using @membranehq/cli from the official NPM registry. This is a vendor-provided tool used to facilitate secure communication with external APIs.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform various tasks such as authentication (membrane login), connection management (membrane connect), and API interaction (membrane action run, membrane request). These commands are standard operations for the platform's integration workflow.
  • [DATA_EXFILTRATION]: The skill explicitly discourages asking users for API keys or tokens. Instead, it uses a connection-based model where credentials are managed server-side by Membrane, reducing the risk of accidental credential exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from Reply.io (e.g., Persons, Organizations).
      • Ingestion points: Data enters the context via the membrane action run and membrane request commands.
      • Boundary markers: None explicitly defined in the instructions.
      • Capability inventory: The skill can read and write data to Reply.io via the Membrane CLI.
      • Sanitization: The skill relies on the underlying platform and CLI to handle data transport; the instructions do not specify manual sanitization steps. This represents a standard surface for indirect prompt injection common in integration skills.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 01:02 AM
Security Audit — agent-trust-hub — replyio