directus
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI (@membranehq/cli) from npm, which is the official tool provided by the skill's vendor.
- [COMMAND_EXECUTION]: The instructions involve executing shell commands using the membrane CLI for authentication, connecting to services, and running actions.
- [PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it retrieves and processes data from Directus collections.
  - (1) Ingestion points: Data retrieved from Directus via actions like list-items and get-item in SKILL.md.
  - (2) Boundary markers: No explicit separators or instructions to ignore embedded commands are defined for processed data.
  - (3) Capability inventory: The skill can create or update items and run arbitrary actions via the CLI.
  - (4) Sanitization: No specific sanitization or validation logic is mentioned for external content.
Audit Metadata