breathe
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the official NPM registry. This is a vendor-provided tool used to interact with the Membrane platform.
- [COMMAND_EXECUTION]: The agent is instructed to use various subcommands of the `membrane` CLI, such as `login`, `connection`, and `action`, to manage the integration. This involves executing shell commands to perform platform operations.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) because it processes data from external actions.
  - Ingestion points: Data enters the context through the output of `membrane action list` and `membrane action run` commands as described in SKILL.md.
  - Boundary markers: The instructions do not specify any markers or delimiters to isolate data retrieved from external actions from the agent's instructions.
  - Capability inventory: The skill allows the agent to execute actions on external systems via the `membrane action run` command.
  - Sanitization: There is no mention of sanitizing or validating the data returned from the Membrane platform before it is used by the agent.
- [METADATA_ANALYSIS]: The official documentation link provided (`developer.apple.com/documentation/clockkit/...`) refers to an Apple Watch feature rather than the Breathe HR platform described in the skill text. This appears to be a documentation error rather than a malicious deception.
Audit Metadata