basecone

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally from the npm registry to enable platform interaction.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform authentication, manage connections, and execute document-related actions.
  • [DATA_EXFILTRATION]: Synchronizes invoice and document data between the user's environment, the Membrane platform, and Basecone's API as part of its core functionality.
  • [PROMPT_INJECTION]: Processes document data from Basecone, which creates a potential surface for indirect prompt injection from content within retrieved records.
  • Ingestion points: Data returned from membrane action run outputs.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined.
  • Capability inventory: Action execution and creation via the membrane CLI.
  • Sanitization: No content filtering or validation mechanisms are specified for processed document data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:38 PM
Security Audit — agent-trust-hub — basecone