cflow
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is the official command-line tool provided by the vendor for managing integrations. - [COMMAND_EXECUTION]: The skill utilizes several shell commands (e.g.,
membrane login,membrane connect,membrane action run) to interact with the Cflow platform via the CLI. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data from external Cflow workflows.
- Ingestion points: Data retrieved from
membrane action runandmembrane action listoutputs. - Boundary markers: None are defined in the instructions to separate external data from the system prompt.
- Capability inventory: The skill can execute CLI commands and perform network operations through the Membrane framework.
- Sanitization: No explicit sanitization or validation of external workflow data is performed before it is processed by the agent.
Audit Metadata