goto-webinar

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry, which is the expected tool for the author's platform integration.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to execute various webinar management actions, such as creating registrants and listing sessions.
  • [CREDENTIALS_UNSAFE]: The instructions explicitly follow best practices by directing the agent to use the platform's built-in authentication flow rather than requesting or storing raw API keys or tokens.
  • [PROMPT_INJECTION]: The skill processes user-provided descriptions and intents to search for or create platform actions. While this presents an indirect prompt injection surface, it is a standard feature of the tool's discovery mechanism.
      • Ingestion points: SKILL.md (parameters for membrane action list --intent and membrane action create)
      • Boundary markers: Absent in command-line interpolation examples
      • Capability inventory: Shell command execution via membrane action run
      • Sanitization: Relies on the platform's backend for action generation and validation
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 06:36 AM
Security Audit — agent-trust-hub — goto-webinar