Skills
skills/membranedev/application-skills/dub/Gen Agent Trust Hub

dub

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package via NPM. This is the official command-line interface provided by the author (membranedev) to manage integrations and authentication.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform operations such as logging in, connecting to services, and executing actions. These commands are necessary for the skill's primary function of interacting with the Dub API.
  • [DATA_EXFILTRATION]: While the skill transmits data to the Membrane platform to execute actions, this communication is directed to the vendor's official infrastructure to facilitate the integration.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes data returned from the Dub API and Membrane action listings.
  • Ingestion points: Results from membrane action list and membrane action run (SKILL.md)
  • Boundary markers: Not specified in the instructions.
  • Capability inventory: Shell command execution via the membrane CLI (SKILL.md)
  • Sanitization: Not explicitly mentioned in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 05:11 PM
Security Audit — agent-trust-hub — dub