abstract
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli Node.js package. This is the official tool provided by the vendor (Membrane) to manage integrations and automate workflows.
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line utility for authentication, service connection, and action execution. These commands are necessary for the skill's functionality and interact exclusively with the vendor's managed infrastructure.
- [REMOTE_CODE_EXECUTION]: The documentation suggests using npx to execute the vendor's CLI package directly. This involves fetching and running remote code from the official registry, which is a standard and expected practice for using the vendor's own tooling.
- [PROMPT_INJECTION]: The skill processes data from the Abstract API, which constitutes an indirect prompt injection surface.
  1. Ingestion points: External data such as project details, tasks, and comments are ingested via membrane action run.
  2. Boundary markers: No specific delimiters or warnings for the agent are defined in the instructions to isolate this untrusted content.
  3. Capability inventory: The agent has the ability to execute shell commands via the CLI and access the network.
  4. Sanitization: There is no mention of sanitization or validation for the data retrieved from the external service.
Audit Metadata