Skills
skills/membranedev/application-skills/booqable/Gen Agent Trust Hub

booqable

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the npm registry. This is a standard installation of the official command-line tool provided by the vendor.
  • [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to perform operations such as logging in, connecting to services, and running actions. These commands are part of the intended functionality for interacting with the Membrane platform.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it retrieves data from Booqable (such as customer details or order information) and processes it within the agent context.
  • Ingestion points: Data retrieved via the membrane action run command in SKILL.md.
  • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit instructions found within the retrieved data.
  • Capability inventory: membrane action run and membrane action create in SKILL.md, which allow for executing actions and generating new integration logic.
  • Sanitization: Absent; the skill does not specify any validation or filtering of the content retrieved from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 10:36 PM