akismet
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official npm registry. This is a verified tool belonging to the skill's authoring organization and is used for platform interaction. - [COMMAND_EXECUTION]: The instructions guide the agent to perform operational tasks using the
membraneCLI, including authentication, connection management, and action execution. These commands are necessary for the skill's functionality and are executed within the user's terminal context. - [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection as it processes untrusted comment data from the Akismet service.
- Ingestion points: External comment data processed through actions such as
check-comment-for-spam(found in SKILL.md). - Boundary markers: The instructions do not define specific delimiters for separating untrusted data from the agent's instructions.
- Capability inventory: The skill uses the
membraneCLI to run actions and create new logic (membrane action run,membrane action createin SKILL.md). - Sanitization: There are no explicit instructions for sanitizing or escaping content retrieved from the Akismet API.
Audit Metadata