flodesk
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the npm registry. This is a vendor-owned tool from the Membrane ecosystem used to manage connections and run actions.
- [COMMAND_EXECUTION]: Employs the `membrane` CLI for operational tasks including authentication (login), connection management (connect), and action execution (run). It also includes the `membrane action create` command, which allows for the dynamic generation of integration logic based on descriptions.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it retrieves data from an external source (Flodesk) and possesses modification capabilities.
  - Ingestion points: External data is ingested through actions like `list-subscribers` and `get-subscriber` (SKILL.md).
  - Boundary markers: The skill does not define specific delimiters or instructions to the agent to treat external content as untrusted.
  - Capability inventory: The skill can modify the external environment using actions such as `add-subscriber-to-workflow`, `create-or-update-subscriber`, and `unsubscribe-subscriber` (SKILL.md).
  - Sanitization: No sanitization or filtering logic is specified for the data retrieved from Flodesk.
Audit Metadata