amply
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the official NPM registry. This package is the standard CLI for the author's platform and is considered a trusted vendor resource. - [COMMAND_EXECUTION]: Shell commands are used to invoke the
membraneCLI for login, connection management, and action execution. These commands are necessary for the skill's primary functionality and do not involve unauthorized system modifications. - [DYNAMIC_EXECUTION]: The skill uses
membrane action createto generate new integration logic on the Membrane platform based on natural language descriptions. While this involves dynamic code generation, it occurs within the managed environment of the vendor's platform. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external cloud infrastructure records via Amply.
- Ingestion points: Results from the
membrane action runcommand in SKILL.md. - Boundary markers: None identified in the provided instructions to isolate external data from the agent's prompt.
- Capability inventory: The skill has the ability to execute shell commands and create new actions on the platform.
- Sanitization: No explicit sanitization or validation of the data retrieved from Amply is mentioned in the skill instructions.
Audit Metadata