envoy

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry. This is a standard procedure for using the vendor's command-line tools.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to interact with external services. Authentication and credential management are handled server-side by the Membrane platform, which follows best practices for secret management by avoiding local storage of sensitive tokens.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests data from the Envoy API and uses it to inform subsequent actions. While the risk is low, the skill should ideally implement boundary markers when processing external data.
      • Ingestion points: Data retrieved via membrane action run and membrane action list is processed by the agent.
      • Boundary markers: None identified in the provided instructions.
      • Capability inventory: The skill can list, create, and run actions (e.g., creating reservations or invites) via the membrane CLI.
      • Sanitization: Not explicitly documented in the skill instructions.
  • [SAFE]: The metadata contains conflicting descriptions of the 'Envoy' service (referencing both service mesh infrastructure and workplace management), but this appears to be a documentation error rather than a malicious attempt at deception.
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 07:10 PM
Security Audit — agent-trust-hub — envoy