codereadr
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry to provide the necessary command-line tools for the integration. - [COMMAND_EXECUTION]: The skill instructions involve running various
membraneCLI commands to authenticate the user, search for available integration actions, and execute tasks such as retrieving scans or managing databases. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it ingests data from external sources that could be controlled by third parties.
- Ingestion points: Data enters the agent's context through actions like
list-scansandlist-database-values(found in SKILL.md). - Boundary markers: The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded within the retrieved scan data.
- Capability inventory: The skill allows the agent to execute actions (
membrane action run) and automatically generate new actions (membrane action create) based on descriptions. - Sanitization: There is no evidence of sanitization or filtering of the barcode data or database values before they are processed by the agent.
Audit Metadata