formio
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the npm registry, which is the official tool for the service provided by the vendor.
- [COMMAND_EXECUTION]: Employs the `membrane` CLI to perform operations such as authentication (`membrane login`), connection management (`membrane connect`), and action execution (`membrane action run`). It also allows for the dynamic creation of new actions based on natural language descriptions (`membrane action create`).
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to the ingestion of untrusted external data.
  - Ingestion points: External data enters the agent context through actions that retrieve Form.io forms, submissions, and user records (SKILL.md).
  - Boundary markers: The skill does not define delimiters or provide specific instructions to the agent to treat data from Form.io as untrusted or to ignore instructions embedded within it.
  - Capability inventory: The agent can execute integration actions, create new actions, and list connection details via the CLI.
  - Sanitization: There is no evidence of data sanitization or validation for content retrieved from external Form.io endpoints before it is processed by the agent.
Audit Metadata