covalent
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Membrane CLI (@membranehq/cli) from the official NPM registry. This is a standard procedure for the vendor's ecosystem.
- [COMMAND_EXECUTION]: The integration operates through the membrane command-line interface to perform authentication, connection management, and data retrieval.
- [PROMPT_INJECTION]: As an integration that retrieves blockchain data (such as transaction logs and NFT metadata) and accepts user-defined intents, there is an inherent surface for indirect prompt injection. Malicious data stored on-chain could potentially contain instructions intended to mislead an AI agent. Ingestion points: Output from membrane action run and membrane action list in SKILL.md. Boundary markers: Not explicitly defined in the instructions. Capability inventory: CLI allows network access and command execution. Sanitization: The skill relies on the underlying platform's handling of API responses.
Audit Metadata