docsumo
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli NPM package. This is a vendor-owned utility necessary for executing the described integration tasks.
- [COMMAND_EXECUTION]: Shell commands are used via the membrane CLI to authenticate, connect to Docsumo, and execute document processing actions. This is the primary mechanism for the skill's operation.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface when processing document extraction results. 1. Ingestion points: Output from membrane action run in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via the membrane CLI. 4. Sanitization: No explicit sanitization or filtering of external content is mentioned.
Audit Metadata