ftrack
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE; EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `@membranehq/cli` package from the official NPM registry to facilitate interaction with the Membrane platform. This is a standard dependency for the vendor's integration tooling.
- [COMMAND_EXECUTION]: The integration relies on the `membrane` CLI for all operations, including session authentication (membrane login), establishing service connections (membrane connect), and executing specific project management tasks (membrane action run).
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) because it processes data from an external source (FTrack).
  - Ingestion points: Data enters the context from FTrack entities like notes, task descriptions, and project metadata via `membrane action run` outputs.
  - Boundary markers: No specific delimiters or "ignore instructions" markers are defined in the instructions for the retrieved data.
  - Capability inventory: The agent has the ability to execute potentially destructive actions such as `delete-project` and `update-task`, as well as dynamically generating new logic through `membrane action create`.
  - Sanitization: The skill does not specify any sanitization or validation of the content retrieved from FTrack before it is interpreted by the agent.
Audit Metadata