action-network

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane command-line tool to manage connections, search for API actions, and execute them. This is the primary mechanism for interacting with the Action Network service via the Membrane platform.
  • [EXTERNAL_DOWNLOADS]: The instructions guide the user to install the @membranehq/cli package from the official NPM registry. This tool is provided by the vendor to facilitate the integration.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes data retrieved from the Action Network API.
    • Ingestion points: Data is ingested through the output of membrane action run and membrane action list commands, which fetch records from Action Network.
    • Boundary markers: The instructions do not specify explicit delimiters to separate external API data from the agent's core instructions.
    • Capability inventory: The agent has the capability to execute shell commands using the membrane CLI.
    • Sanitization: There is no explicit sanitization or validation of the external API data before it is returned to the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 08:39 AM
Security Audit — agent-trust-hub — action-network