beeple
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions direct the user to install a global Node.js package `@membranehq/cli` from the npm registry. This package is a resource provided by the skill's vendor to enable CLI-based interactions.
- [COMMAND_EXECUTION]: The skill relies on executing various shell commands through the `membrane` CLI for logging in, managing service connections, and running data-fetching actions.
- [REMOTE_CODE_EXECUTION]: The skill utilizes functionality to dynamically generate actions via `membrane action create "DESCRIPTION"`. These actions are built based on natural language and subsequently executed using `membrane action run`, which constitutes a runtime code generation and execution pipeline.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It ingests and processes data from external Beeple actions without defining clear boundary markers or sanitization procedures, which could allow malicious data from the external service to influence the agent's logic.
Audit Metadata