bouncer
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package globally via NPM to enable its functionality.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands using the `membrane` CLI for authentication, creating connections, and running remote actions.
- [PROMPT_INJECTION]: The skill exhibits metadata poisoning through contradictory documentation. The frontmatter describes CRM management, the body describes an Android permission app, and the action list describes email verification services. This inconsistency can mislead the agent's reasoning regarding its capabilities.
- [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the agent processes output from the Bouncer API.
- Ingestion points: Data enters the context through `membrane action run` and `membrane action list` outputs.
- Boundary markers: No delimiters or instructions to ignore embedded commands are provided.
- Capability inventory: The agent can perform deletions, batch verifications, and create new actions on the Membrane platform.
- Sanitization: No validation or escaping of external content is specified.