basin
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry to enable integration features. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to manage the lifecycle of the integration, including login, connection setup, and action execution. - [PROMPT_INJECTION]: The skill ingests untrusted data from Basin form submissions, which represents a surface for indirect prompt injection.
- Ingestion points: External data enters the agent context through the output of
membrane action runwhen retrieving form submissions. - Boundary markers: The instructions do not define specific delimiters or guardrails to isolate retrieved content from the agent's core instructions.
- Capability inventory: The skill allows the agent to execute actions that can modify or delete data, such as
delete-form,delete-submission, andupdate-submissionvia themembraneCLI. - Sanitization: There are no documented procedures for sanitizing or validating the content of the data fetched from the external service.
Audit Metadata