countdown-api
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli tool globally from the NPM registry. This is a legitimate vendor tool used for managing connections and orchestrating API calls within the Membrane ecosystem.
- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to authenticate the user and run specific API actions related to the Countdown API.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes data from external API responses via the Membrane platform.
- Ingestion points: Data enters the agent context through the JSON output of membrane action run.
- Boundary markers: The instructions do not define explicit delimiters or warnings to isolate external data from the system prompt.
- Capability inventory: The skill maintains capabilities to execute shell commands and create new API actions via the membrane CLI.
- Sanitization: No specific sanitization or schema validation is performed on the ingested API data within the skill's instructions.
Audit Metadata