fibery
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the npm registry. This is the official command-line interface provided by the skill's author (Membrane) and is considered a trusted vendor resource. - [COMMAND_EXECUTION]: The instructions rely on the agent executing
membraneCLI commands to perform tasks such as authentication (membrane login), connecting to services (membrane connect), and running actions (membrane action run). This is the intended operational model for the skill. - [PROMPT_INJECTION]: The skill has an indirect prompt injection attack surface because it retrieves and processes data from external sources (Fibery workspaces).
- Ingestion points: Data is ingested through actions like
get-document,get-entity-by-id, andquery-entitiesas described inSKILL.md. - Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions found within the retrieved data.
- Capability inventory: The skill possesses write capabilities including
update-document,create-entity,update-entity, anddelete-entity. - Sanitization: No specific sanitization or validation logic is defined in the documentation for handling data retrieved from Fibery.
Audit Metadata