Skills
skills/membranedev/application-skills/bridge/Gen Agent Trust Hub

bridge

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the @membranehq/cli package from npm and suggests using npx for discovery, which involves downloading code from external registries.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute membrane CLI commands for authentication and resource management.
  • [REMOTE_CODE_EXECUTION]: Through the membrane action create command, the skill allows for dynamic generation and execution of code on the Membrane platform based on user-provided descriptions.
  • [PROMPT_INJECTION]: The skill metadata includes an 'Official docs' link pointing to Atlassian Trello's API, whereas the skill's description and purpose involve the Bridge HR platform. This misleading information can lead to incorrect tool use or context confusion.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 10:01 AM
Security Audit — agent-trust-hub — bridge