astronaut
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage globally via npm. This CLI tool is a vendor-owned resource used for authentication and service management. - [COMMAND_EXECUTION]: The skill utilizes shell commands via the
membraneCLI to perform core operations, includingmembrane login,membrane connect, andmembrane action run. - [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection through its interaction with external Astronaut data.
- Ingestion points: External data regarding missions, astronauts, and vehicles is retrieved through CLI actions defined in
SKILL.mdand loaded into the agent's context. - Boundary markers: There are no explicit delimiters or boundary markers specified in the instructions to isolate untrusted external data from the agent's internal logic.
- Capability inventory: The skill allows for command execution and network operations through the Membrane CLI infrastructure, enabling the execution of arbitrary actions.
- Sanitization: The documentation does not specify any sanitization or validation routines for data retrieved from Astronaut before it is processed by the agent.
Audit Metadata