docsumo

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli NPM package. This is a vendor-owned utility necessary for executing the described integration tasks.
  • [COMMAND_EXECUTION]: Shell commands are used via the membrane CLI to authenticate, connect to Docsumo, and execute document processing actions. This is the primary mechanism for the skill's operation.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface when processing document extraction results. 1. Ingestion points: Output from membrane action run in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via the membrane CLI. 4. Sanitization: No explicit sanitization or filtering of external content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 07:36 PM
Security Audit — agent-trust-hub — docsumo