appcircle
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the `@membranehq/cli` package globally from the npm registry, which is the official tool provided by the vendor.
- [COMMAND_EXECUTION]: The skill uses several `membrane` CLI commands for logging in, connecting to Appcircle, and executing actions. These commands represent the primary interface for managing integrations within the platform.
- [REMOTE_CODE_EXECUTION]: The skill instructs the use of `npx` to run the `@membranehq/cli` directly. This is a standard way to execute vendor-provided tooling and does not involve untrusted remote sources.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to its interaction with external Appcircle data.
  - Ingestion points: Untrusted data enters the agent context via the output of `membrane action run` and `membrane action list` commands.
  - Boundary markers: No specific delimiters or boundary warnings are provided in the instructions to distinguish external data from agent instructions.
  - Capability inventory: The skill allows for command execution, action creation, and connection management through the `membrane` CLI.
  - Sanitization: The instructions do not specify any sanitization, validation, or filtering of the content retrieved from Appcircle.
Audit Metadata