checkr
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the NPM registry. This is the official command-line interface provided by the vendor (membranedev) to interact with their services and manage integrations.
- [COMMAND_EXECUTION]: The skill uses shell commands through the membrane CLI for authentication (membrane login), connection management (membrane connect), and executing API actions (membrane action run). These are legitimate uses of the tool required for the skill's functionality.
- [PROMPT_INJECTION]: The skill ingests external records from Checkr, creating a surface for indirect prompt injection. 1. Ingestion points: Candidate records and background check reports retrieved via 'membrane action run'. 2. Boundary markers: None identified. 3. Capability inventory: CLI command execution via the membrane tool. 4. Sanitization: No explicit output filtering or sanitization is documented. While this represents a theoretical attack surface, it is a standard characteristic of skills that process external data and no active exploitation was found.
Audit Metadata