sellsy

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from NPM. This is a legitimate tool provided by the vendor for managing integrations and does not pose a security risk in this context.
  • [COMMAND_EXECUTION]: Uses the membrane command-line utility to perform actions like searching, connecting, and running API requests. These commands are part of the intended functionality for interacting with the Sellsy platform via the vendor's infrastructure.
  • [CREDENTIALS_UNSAFE]: The skill explicitly advises against asking users for API keys or tokens, directing them to use the membrane connect workflow instead. This is a positive security practice that prevents credential exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest data from Sellsy (Organizations, Leads, etc.). While this presents a theoretical surface for indirect prompt injection if the data contains malicious instructions, the risk is considered low and inherent to the nature of CRM integration skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:20 PM