streak
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@membranehq/clitool, which is the official command-line interface provided by the vendor to manage integrations. - [COMMAND_EXECUTION]: The instructions direct the agent to perform CRM operations by executing
membraneCLI commands, which is the intended and authorized method for this skill. - [REMOTE_CODE_EXECUTION]: The skill leverages the Membrane platform's ability to dynamically build and run actions. This server-side execution is a core feature of the vendor's infrastructure and is used as intended.
- [PROMPT_INJECTION]: The skill interacts with external data from Streak, creating an indirect prompt injection surface.
- Ingestion points: Data is retrieved from the Streak API via
membrane action runoutputs. - Boundary markers: There are no explicit delimiters or boundary markers defined in the instructions to isolate untrusted data.
- Capability inventory: The agent can execute CLI commands and run actions through the Membrane platform.
- Sanitization: The skill does not specify any sanitization or validation logic for the data ingested from Streak.
Audit Metadata