craftcms

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via NPM (@membranehq/cli@latest). This is a standard installation procedure for the official tool associated with the service provider.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the membrane CLI to perform operations such as authentication, listing connections, and running actions. These commands are necessary for the skill's primary purpose of integrating with CraftCMS.
  • [DYNAMIC_EXECUTION]: The skill utilizes membrane action create, which generates integration logic on the Membrane platform based on natural language descriptions, and membrane action run to execute these actions. This behavior is the core functionality of the Membrane platform for building custom integrations.
  • [INDIRECT_PROMPT_INJECTION]: The skill accepts user-provided strings for action discovery (--intent) and action creation (DESCRIPTION). While these are passed to the backend service, the risk is inherent to the platform's design for translating natural language to API interactions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 08:58 AM