google-classroom
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the NPM registry. This package is an official tool from the vendor (Membrane) required to facilitate the integration.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform operations such as authentication (membrane login), connection management (membrane connect), and action execution (membrane action run). These commands are necessary for the skill's functionality and are directed at the vendor's service.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes external data from Google Classroom (e.g., coursework, student submissions, and announcements).
  - Ingestion points: Data ingested via membrane action run and membrane action list commands (SKILL.md).
  - Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted external content.
  - Capability inventory: The skill can execute CLI commands and create new actions on the Membrane platform.
  - Sanitization: There is no mention of sanitizing or filtering the data retrieved from the external Google Classroom API.
- [SAFE]: No malicious patterns, such as direct prompt injection, credential harvesting, or obfuscated code, were detected. The use of a managed CLI for authentication is a secure pattern that avoids exposing sensitive tokens to the agent.
Audit Metadata