dingconnect
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION REMOTE_CODE_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install and run the official Membrane CLI package from the NPM registry.
  - Evidence: `npm install -g @membranehq/cli@latest` and `npx @membranehq/cli@latest`. These resources are owned by the vendor 'membranedev' and are required for the skill's operation.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `membrane` CLI tool to perform all operations, including authentication, connection management, and running actions.
  - Evidence: Multiple command examples throughout `SKILL.md` demonstrate the use of subprocess calls to the `membrane` binary to interact with external data.
- [REMOTE_CODE_EXECUTION]: The skill leverages the Membrane platform's ability to dynamically generate and execute logic based on natural language descriptions.
  - Evidence: The `membrane action create "DESCRIPTION"` command allows for the runtime generation of new actions. This behavior is a core feature of the Membrane platform and is handled via the vendor's infrastructure.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where untrusted data is processed.
  - Ingestion points: User-supplied `QUERY` strings in `membrane action list` and `DESCRIPTION` text in `membrane action create` are interpolated directly into shell commands within `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
  - Capability inventory: The skill can execute shell commands, perform network requests through connections, and trigger remote actions.
  - Sanitization: There is no evidence of sanitization or validation of the input strings before interpolation.
Audit Metadata