addevent
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via NPM. This is a vendor-provided tool necessary for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill executes various
membraneCLI commands to manage the lifecycle of Addevent integrations, including login, connection management, and action execution. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes data (events, attendees, etc.) retrieved from the Addevent API.
- Ingestion points: External data enters the context through
membrane action runoutputs inSKILL.md. - Boundary markers: No specific delimiters are used to wrap the output of actions to distinguish data from instructions.
- Capability inventory: The skill possesses the capability to read, create, update, and delete Addevent records using the
membrane action runcommand. - Sanitization: The skill does not implement explicit validation or sanitization of the data retrieved from the external API before it is processed by the agent.
Audit Metadata