gatherup

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the official Membrane CLI tool from the npm registry to interact with the platform.
    • Evidence: npm install -g @membranehq/cli@latest in SKILL.md.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage the integration lifecycle, including logging in, connecting to GatherUp, and running actions.
    • Evidence: Execution of commands like membrane login, membrane connect, and membrane action run are core to the skill's functionality.
  • [PROMPT_INJECTION]: The skill ingests external data from customer reviews and feedback which could potentially contain indirect prompt injection attempts.
    • Ingestion points: Data returned from the get-online-reviews and get-feedbacks actions.
    • Boundary markers: Absent.
    • Capability inventory: The skill can search, create, and run actions within the connected GatherUp account.
    • Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:19 AM