bloom-growth
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage via npm. This is the official command-line tool for the Membrane platform, which acts as the middleware for the Bloom Growth integration. - [COMMAND_EXECUTION]: The skill utilizes several shell commands (e.g.,
membrane login,membrane connect,membrane action run) to interact with the integration platform. These commands are necessary for the skill's primary functionality and are executed using the vendor's own CLI. - [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection (Category 8) as the skill processes data returned from Bloom Growth actions.
- Ingestion points: Data enters the agent's context through the output of
membrane action runcommands. - Boundary markers: None explicitly defined in the prompt templates within this file.
- Capability inventory: The skill can execute CLI commands and interact with external APIs through the Membrane platform.
- Sanitization: Not explicitly defined; the skill relies on the Membrane platform's built-in handling of data schemas and JSON formatting to maintain structure.
Audit Metadata