flyio

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the official NPM registry. This is a vendor-owned utility necessary for the skill's operation.
  • [COMMAND_EXECUTION]: Executes various commands using the membrane CLI tool to interact with Fly.io, including resource listing, modification, and deletion.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it ingests and displays data from external Fly.io accounts.
      • Ingestion points: External data such as application lists, machine status, and volume details are retrieved using membrane action run and membrane connection list.
      • Boundary markers: Not present; the instructions do not specify delimiters to isolate retrieved external data from the agent's core instructions.
      • Capability inventory: The skill can perform write and delete operations on the Fly.io platform (e.g., create-app, delete-app, set-secret).
      • Sanitization: There is no evidence of sanitization or validation performed on the data retrieved from Fly.io before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:19 AM