Skills
skills/membranedev/application-skills/chift/Gen Agent Trust Hub

chift

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to interact with the Chift API, manage connections, and execute integration workflows as described in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm. This is a vendor-owned resource required for the skill's core functionality.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data from external API responses. Ingestion points: Data retrieved from Chift via membrane action run and membrane request commands in SKILL.md. Boundary markers: No explicit instructions for the agent to ignore instructions embedded in the retrieved data are provided. Capability inventory: The skill allows the execution of shell commands through the membrane CLI. Sanitization: No evidence of data sanitization or validation is present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 09:39 PM
Security Audit — agent-trust-hub — chift