cuttly
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is an official tool provided by the platform vendor (membrane/membranedev) for managing integrations. - [COMMAND_EXECUTION]: The skill relies on shell commands to interact with the Membrane platform. These commands include
membrane login,membrane connect, andmembrane action run, which are standard operations for this CLI tool. - [CREDENTIALS_SAFE]: The skill explicitly advises against hardcoding or asking users for API keys. Instead, it uses the platform's
connectionsystem to handle authentication server-side, which is a recommended security practice. - [PROMPT_INJECTION]: The skill processes data from Cutt.ly (such as link statistics and shortened URLs) which represents a surface for indirect prompt injection.
- Ingestion points: Data enters the context through the output of
membrane action run(found in SKILL.md). - Boundary markers: None are explicitly defined in the provided prompt instructions for handling action output.
- Capability inventory: The agent has the ability to execute shell commands using the Membrane CLI.
- Sanitization: No sanitization or escaping of the action output is described before it is processed by the agent.
Audit Metadata