apaya
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli package from the NPM registry. This tool is the vendor's own CLI for platform integration.
- [COMMAND_EXECUTION]: Executes local membrane CLI commands to manage connections and run actions, which is the primary mechanism of the skill.
- [PROMPT_INJECTION]: The skill instructs the agent to insert user-provided strings, such as search intents and action descriptions, directly into shell commands. This creates an indirect prompt injection surface where malicious user input could potentially lead to command injection if the agent does not properly escape the input.
  - Ingestion points: User-supplied 'intent' and 'description' parameters used in shell commands within SKILL.md.
  - Boundary markers: None; the instructions do not provide delimiters or warnings to isolate user-supplied content.
  - Capability inventory: The skill uses shell execution to list, create, and run actions via the Membrane CLI (SKILL.md).
  - Sanitization: None; no specific instructions are provided to sanitize or escape user input before it is used in the shell.
Audit Metadata