flare
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the `@membranehq/cli` package from the public npm registry. This is the official command-line interface for the Membrane platform provided by the skill author.
- [COMMAND_EXECUTION]: The instructions utilize several shell commands (`membrane login`, `membrane connect`, `membrane action list`, `membrane action run`) to interact with the Membrane service. These commands are standard for the tool's operation.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it ingests and processes data from Flare (such as error messages and application records) which could contain malicious instructions.
  - Ingestion points: External Flare records and action outputs processed via the CLI (SKILL.md).
  - Boundary markers: None present; the skill does not explicitly define delimiters for untrusted content.
  - Capability inventory: The skill can execute remote actions (`membrane action run`) and dynamically generate new actions (`membrane action create`).
  - Sanitization: No explicit sanitization or validation of the external data is mentioned before it is processed by the agent.
Audit Metadata