debugbear
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
@membranehq/clipackage from the official NPM registry, which is a standard procedure for this vendor's tools. - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
membraneCLI to manage connections and run actions. These commands are limited to the functionality of the Membrane platform. - [PROMPT_INJECTION]: The skill processes data from external sources (DebugBear API), creating a surface for indirect prompt injection.
- Ingestion points: External data enters the context via
membrane action runoutputs (SKILL.md). - Boundary markers: None explicitly defined in the instructions to separate external data from system prompts.
- Capability inventory: The skill can execute shell commands through the CLI (SKILL.md).
- Sanitization: No specific sanitization logic is provided in the instructions for handling the tool's output.
Audit Metadata