chocolatey
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI package (
@membranehq/cli) from the NPM registry to enable its functionality. - [COMMAND_EXECUTION]: The skill uses various shell commands, including
npm installfor initial setup andmembranecommands for authentication, connection management, and running package management actions. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface where natural language intent provided by the user is used to search for or create actions.
- Ingestion points: External data enters the context via the
QUERYandDESCRIPTIONplaceholders used in themembrane action listandmembrane action createcommands within SKILL.md. - Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the command templates for the interpolated natural language strings.
- Capability inventory: The skill is capable of executing actions via
membrane action run, which can modify system state or interact with the Chocolatey package manager. - Sanitization: The instructions do not describe any sanitization, escaping, or validation of the user-provided natural language before it is passed to the CLI tools.
Audit Metadata