Skills
skills/membranedev/application-skills/cloudfill/Gen Agent Trust Hub

cloudfill

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @membranehq/cli tool from the NPM registry, which is the official method for interacting with the author's platform.\n- [COMMAND_EXECUTION]: The skill uses the membrane CLI for all operations, including authentication and API requests. This centralizes security controls and avoids the need for raw shell commands or direct manual API interaction.\n- [SAFE]: The skill identified a potential surface for indirect prompt injection via data returned from the CloudFill API, but it follows established integration patterns for the Membrane ecosystem.\n
  • Ingestion points: API responses from membrane action run and membrane request (SKILL.md).\n
  • Boundary markers: Not explicitly used in the instruction text.\n
  • Capability inventory: Shell execution via membrane CLI and file system access.\n
  • Sanitization: Relies on the agent's internal filtering and the Membrane platform's request handling.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 10:48 PM
Security Audit — agent-trust-hub — cloudfill