acumbamail
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is the official command-line interface provided by the skill author (membranedev) for interacting with their services. - [COMMAND_EXECUTION]: The skill uses multiple shell commands (e.g.,
membrane login,membrane connect,membrane action run) to perform its primary functions. These commands are necessary for the skill's intended use case of managing Acumbamail data through the Membrane platform. - [INDIRECT_PROMPT_INJECTION]: There is an attack surface for indirect prompt injection as the skill processes data from Acumbamail (such as subscriber details or campaign information).
- Ingestion points: Data enters the agent context through the output of commands like
membrane action runandmembrane action listin SKILL.md. - Boundary markers: None are explicitly defined in the instructions to separate external data from agent instructions.
- Capability inventory: The skill has the capability to execute shell commands via the Membrane CLI, including running and creating actions as seen in SKILL.md.
- Sanitization: There are no documented sanitization or validation steps for the content fetched from the Acumbamail API.
Audit Metadata