documentpro
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes data from DocumentPro, creating a surface for indirect prompt injection where malicious content in documents could influence agent behavior.
  - Ingestion points: External data is retrieved from DocumentPro via `membrane action run` and discovery commands (SKILL.md).
  - Boundary markers: No explicit boundary markers or "ignore instructions" delimiters are present in the prompt instructions to isolate external content.
  - Capability inventory: The agent has the ability to execute shell commands via the Membrane CLI, including running and creating actions (SKILL.md).
  - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from the DocumentPro service.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool (`@membranehq/cli`) from the npm registry. This is a standard installation of the vendor's own tooling required for the skill's functionality.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `membrane` CLI to interact with the platform. This is the intended delivery mechanism for the skill's features and is handled through the vendor's official infrastructure.
Audit Metadata