caspio

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli tool from the official NPM registry to enable interaction with the Membrane platform.
  • [COMMAND_EXECUTION]: Uses the membrane CLI to perform administrative and data operations, including login, connection management, and action execution.
  • [REMOTE_CODE_EXECUTION]: Employs npx to run discovery commands, ensuring the latest version of the utility is used without permanent installation.
  • [CREDENTIALS_UNSAFE]: Implements secure authentication practices by leveraging the platform's native login flow, avoiding the need for hardcoded or manually entered API secrets.
  • [PROMPT_INJECTION]: The skill has a potential indirect injection surface as it processes data from Caspio.
    • Ingestion points: Caspio data records and table content retrieved via membrane action run (SKILL.md).
    • Boundary markers: Not explicitly defined in the provided instructions.
    • Capability inventory: Local shell execution via the membrane CLI (SKILL.md).
    • Sanitization: Not specified; the skill relies on the underlying platform's handling of action inputs and outputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 06:48 PM