gobiolink
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the Membrane CLI (@membranehq/cli) via npm. This is the official tool provided by the vendor to facilitate platform integrations.
- [COMMAND_EXECUTION]: The skill uses various membrane CLI commands to handle authentication, manage connections, and execute actions, which are standard and expected operations for this platform.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external Gobio.link sources, presenting an attack surface for indirect prompt injection.
  - (1) Ingestion points: External data is ingested through actions like list-data, get-data, get-user, and list-projects.
  - (2) Boundary markers: No explicit delimiters or instructions for the agent to ignore embedded commands are present in the provided context.
  - (3) Capability inventory: The skill can execute actions using membrane action run and create new actions using membrane action create.
  - (4) Sanitization: There is no mention of sanitization or filtering of the content retrieved from the external service before it is processed by the agent.
Audit Metadata