cnvrgio
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package from npm and uses `npx` to execute it. This is the official tool for the Membrane platform, provided by the skill's authoring organization.
- [COMMAND_EXECUTION]: The skill utilizes the `membrane` command-line interface to manage authentication (`membrane login`), establish connections (`membrane connect`), and execute machine learning workflow actions (`membrane action run`).
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through the ingestion of external data.
  - Ingestion points: Untrusted data enters the agent context via the output of the `membrane action run` command (SKILL.md).
  - Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to separate external content from agent instructions.
  - Capability inventory: The skill has the ability to list connections, search for actions, and run arbitrary actions on the Cnvrg.io platform (SKILL.md).
  - Sanitization: No specific sanitization or validation steps are outlined for processing the data received from external API actions.
Audit Metadata