comodo
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the '@membranehq/cli' package from npm, which is the official tool provided by the platform vendor.
- [COMMAND_EXECUTION]: All core functionalities, such as logging in and running actions, are performed via shell commands using the 'membrane' CLI.
- [PROMPT_INJECTION]: The skill processes external data from Comodo actions (ingestion point: 'membrane action run' output), creating an indirect prompt injection surface. The skill relies on CLI capabilities for execution and lacks explicit boundary markers or sanitization logic in the provided instructions, though this is typical for the primary integration use case and handled as a low-risk factor.
Audit Metadata