finch

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via NPM and also uses npx to run it. These are vendor-provided tools for the Membrane platform.
  • [COMMAND_EXECUTION]: All primary functions are performed by executing shell commands using the membrane CLI tool, including logging in, connecting to services, and running actions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources (Finch/Membrane records).
  • Ingestion points: Results from membrane action run and membrane action list are directly processed by the agent.
  • Boundary markers: No delimiters or safety instructions are provided to distinguish external data from agent instructions.
  • Capability inventory: The agent has the capability to execute shell commands via the membrane tool.
  • Sanitization: No sanitization or validation of the ingested external content is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 08:51 PM
Security Audit — agent-trust-hub — finch