Skills
skills/membranedev/application-skills/calendso/Gen Agent Trust Hub

calendso

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official npm registry. This is a vendor-provided tool necessary for the skill's functionality.\n- [COMMAND_EXECUTION]: The skill uses the membrane command-line utility for authentication, session management, and executing actions. These commands are integral to the skill's documented purpose of interacting with the Membrane platform.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted data from the Calendso platform.\n
  • Ingestion points: External data enters the agent context through the output of membrane action list and membrane action run commands.\n
  • Boundary markers: No specific delimiters or instructions to ignore embedded content are provided in the skill instructions.\n
  • Capability inventory: The skill has the capability to execute shell commands via the membrane CLI as described in SKILL.md.\n
  • Sanitization: There is no evidence of sanitization or validation of the data retrieved from external API calls before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 05:37 PM
Security Audit — agent-trust-hub — calendso