The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill provides instructions to install the official Membrane CLI tool via npm (@membranehq/cli@latest). This is a legitimate dependency from the skill's author used to manage the integration.
[COMMAND_EXECUTION]: The documentation includes several shell commands for managing the lifecycle of the integration, such as membrane login for authentication, membrane connect for service linking, and membrane action run for executing API calls. These are standard operations for a CLI-based integration.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
Ingestion points: Untrusted data enters the agent context through the --intent parameter in the action search command and the --input parameter when running actions. The output returned from Aleph Alpha actions also serves as an ingestion point.
Boundary markers: There are no explicit boundary markers or instructions provided to the agent to treat the data returned from the CLI/API as potentially untrusted.
Capability inventory: The skill allows the agent to execute actions (membrane action run) and create new actions (membrane action create), which involve network operations and platform-side code generation.
Sanitization: The skill does not specify any sanitization or validation steps for the content returned from Aleph Alpha actions before it is used in subsequent prompts.

aleph-alpha