0codekit
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI (@membranehq/cli@latest) via npm. This package is an official tool provided by the vendor and is necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to manage connections and execute actions. These commands are part of the intended functionality for interacting with the Membrane platform.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data.
  - Ingestion points: Untrusted data enters the context via action search queries (--intent) and input parameters (--input) as described in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used for user-supplied data in the provided command templates.
  - Capability inventory: The skill can perform diverse operations including data conversion, OCR, and cryptographic functions, and can create new actions via the CLI.
  - Sanitization: There is no mention of input validation or sanitization for the data passed to the actions.
Audit Metadata