discourse

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally via NPM. This is an official command-line tool provided by the vendor to interact with their platform.
  • [COMMAND_EXECUTION]: The skill uses the membrane utility to execute shell commands for authentication, managing connections, and performing forum operations.
  • [PROMPT_INJECTION]: The skill interacts with untrusted data from external Discourse forums, which creates a surface for indirect prompt injection.
      • Ingestion points: External data is retrieved via the output of actions such as list-topic-posts or get-post.
      • Boundary markers: No specific delimiters or boundary markers are used to separate retrieved forum content from the agent's instructions.
      • Capability inventory: The skill can execute actions that modify Discourse data (e.g., creating posts) and manage platform configurations via the CLI.
      • Sanitization: There is no evidence of content sanitization or filtering for the data retrieved from the forum.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 04:43 AM