applitools
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via NPM. This is the official command-line interface provided by the vendor (Membrane) to manage integrations and authentication. - [COMMAND_EXECUTION]: Multiple shell commands using the
membraneutility are employed to authenticate (membrane login), create connections (membrane connect), and execute tasks (membrane action run). These are standard operational procedures for this platform. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly advises against requesting or storing sensitive credentials like API keys locally, directing the agent to use Membrane's connection management instead. This reduces the risk of credential exposure in the local environment.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-provided strings through the
--intentand--descriptionparameters when searching for or creating new actions. - Ingestion points: Input parameters in
membrane action list --intent "QUERY"andmembrane action create "DESCRIPTION"(SKILL.md). - Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: The skill can execute actions on the Applitools platform (read/write data) and install global NPM packages.
- Sanitization: Relies on the underlying Membrane platform's handling of natural language descriptions.
Audit Metadata