complianceai

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the membrane CLI. It instructs the agent to build and execute shell commands that include dynamic parameters such as search intents, action descriptions, and input payloads. This reliance on shell execution with variable arguments poses a risk if user input is not properly escaped.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package via npm. This is a vendor-owned resource associated with the author of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data which is subsequently interpolated into shell command arguments.
  • Ingestion points: User-supplied values for --intent, DESCRIPTION, and --input parameters within the membrane CLI commands described in SKILL.md.
  • Boundary markers: None are present in the command templates or instructions.
  • Capability inventory: Full shell access to execute the membrane CLI and other local commands.
  • Sanitization: There are no instructions for the agent to validate, filter, or escape user-provided content before inserting it into command strings.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 09:52 AM