footprint
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage from the npm registry. This tool is the official CLI provided by the skill's author for managing service integrations. - [COMMAND_EXECUTION]: The skill provides instructions for executing various CLI commands (
membrane login,membrane connect,membrane action run) to manage sustainability data. These commands represent the primary intended functionality and do not involve suspicious behaviors. - [PROMPT_INJECTION]: The skill documentation includes examples where user input is interpolated into command arguments, which represents a potential surface for indirect prompt injection.
- Ingestion points: Placeholders for user 'intent' and action 'DESCRIPTION' within the CLI command examples in SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are present in the provided command examples.
- Capability inventory: The skill allows for the creation and execution of custom actions through the Membrane CLI tool.
- Sanitization: The skill relies on the underlying CLI tool and the Membrane platform to sanitize and validate inputs before processing.
Audit Metadata