appfire

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to install the @membranehq/cli tool from the NPM registry. This is a vendor-controlled package used for interacting with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses shell commands via the membrane CLI to perform login, connect to services, and execute actions.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes membrane action create to dynamically generate integration logic on the vendor's platform based on natural language descriptions, which are then executed.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: External data is processed via the --input argument in the membrane action run command in SKILL.md. Boundary markers: The skill documentation does not specify the use of delimiters or warnings to ignore instructions within the processed data. Capability inventory: The CLI tool allows for network communication and data manipulation across connected services. Sanitization: There is no evidence of local sanitization of the input data before it is passed to the CLI.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 08:13 PM
Security Audit — agent-trust-hub — appfire