codacy
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally from the NPM registry. This is a vendor-owned tool used for managing the integration. - [COMMAND_EXECUTION]: The skill extensively uses the
membraneCLI to perform operations such as logging in, connecting to services, and running actions. These commands involve shell execution and network interaction with the vendor's infrastructure. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external sources (Codacy repositories, pull requests, and commit messages).
- Ingestion points: Data enters the agent context through
membrane action runcommands, specifically those fetching PR issues, commit details, or repository analysis. - Boundary markers: The instructions do not define explicit delimiters or instructions to ignore embedded commands within the fetched data.
- Capability inventory: The agent can execute commands via the
membraneCLI, including creating new actions (membrane action create) and running existing ones. - Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent.
Audit Metadata