ctoai
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI (@membranehq/cli) from the npm registry to facilitate platform integration.
- [COMMAND_EXECUTION]: The skill uses the
membranecommand-line utility for authentication, connecting to CTO.ai, and executing automation workflows. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes content from external actions.
- Ingestion points: Data returned from
membrane action runand descriptions retrieved viamembrane action list(SKILL.md). - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between system instructions and data returned from external tools.
- Capability inventory: The agent can execute shell commands through the CLI and create new actions based on natural language descriptions (SKILL.md).
- Sanitization: The skill does not define specific methods for validating or sanitizing external data before it is incorporated into the agent's reasoning context.
Audit Metadata