commpeak
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage via the npm registry. This is a standard vendor-provided tool required for the skill's operation. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to handle authentication (membrane login), manage connections (membrane connect), and run platform actions. These commands are local executions of the installed vendor tool. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from CommPeak (such as call recordings, search results, or metadata).
- Ingestion points: External data enters the context via
membrane action runandsearch-results. - Boundary markers: None identified in the provided instructions.
- Capability inventory: The agent can execute shell commands via the CLI and write data to the platform.
- Sanitization: No explicit sanitization or filtering of remote content is documented within the skill body.
Audit Metadata