flanks
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally from the npm registry. This is a vendor-owned package used to facilitate the integration. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line tool for core operations, including user authentication (membrane login), connection establishment (membrane connect), and running specific integration tasks (membrane action run). - [PROMPT_INJECTION]: The skill includes functionality to search for or create new actions using natural language inputs (
membrane action list --intent "QUERY"andmembrane action create "DESCRIPTION"). While these parameters represent a surface for indirect prompt injection if populated with untrusted data, they are standard features of the discovery and automation workflow.
Audit Metadata