dashlane
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry, which is the official tool provided by the vendor.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to execute commands for logging in, managing connections, and running integration actions against the Dashlane API.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. 1. Ingestion points: User queries provided to the --intent parameter and data passed to the --input parameter as seen in SKILL.md. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the provided templates. 3. Capability inventory: The skill performs shell command execution via the membrane CLI across all integration tasks. 4. Sanitization: There is no evidence of input validation or output sanitization for data retrieved from Dashlane or user-supplied strings.
Audit Metadata