getform
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
membraneCLI (e.g.,membrane login,membrane action run). These are standard operations for interacting with the Membrane platform. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage globally via NPM. This is an official package provided by the vendor (Membrane). - [SAFE]: The skill follows security best practices by delegating credential management to the Membrane platform instead of asking the user for sensitive API keys or tokens. It also provides a surface for indirect prompt injection by ingesting Getform submission data into the agent context via action outputs; however, this is consistent with the intended functionality of a data-retrieval skill and does not involve malicious intent.
Audit Metadata