dukaan
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI tool using
npm install -g @membranehq/cli@latest. This is a standard installation of a vendor-provided tool from the official NPM registry. - [COMMAND_EXECUTION]: The skill relies on executing
membraneCLI commands to manage authentication, search for actions, and run integrations. These commands are necessary for the primary purpose of the skill and do not involve arbitrary or hidden code execution. - [INDIRECT_PROMPT_INJECTION]: The skill processes data retrieved from external Dukaan actions, which represents a potential ingestion point for untrusted data.
- Ingestion points: Results returned from
membrane action runinSKILL.md. - Boundary markers: None explicitly defined in the provided markdown instructions.
- Capability inventory: Subprocess execution of the
membraneCLI tool. - Sanitization: Relies on the agent's handling of structured JSON output provided by the CLI.
Audit Metadata