7shifts
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the @membranehq/cli package via NPM. This is the official CLI tool provided by the vendor membranedev to interact with their platform.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI for authentication, action discovery, and execution. This is the primary method of operation for this skill.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting and processing data from 7shifts.
  - Ingestion points: Data enters the agent's context through the output of commands like membrane action run when listing users, shifts, or roles.
  - Boundary markers: No explicit instructions are provided to the agent to treat retrieved data as untrusted or to use delimiters to prevent instruction injection.
  - Capability inventory: The agent can create new actions (membrane action create) and execute existing ones (membrane action run), which could be influenced by malicious data.
  - Sanitization: There is no mention of sanitizing the data retrieved from 7shifts before the agent processes it.
Audit Metadata