gravity-forms
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the official npm registry. This is a legitimate tool provided by the vendor to facilitate platform interactions.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform core functions including authentication (login), creating connections (connect), and executing form actions (action run). These commands are standard for the tool's integration purpose.
- [PROMPT_INJECTION]: The skill provides an interface to read external data from Gravity Forms, which introduces a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent's context through actions such as get-form-results, list-form-entries, and get-entry in SKILL.md.
  - Boundary markers: The instructions do not define clear delimiters or provide instructions to the agent to ignore potentially malicious content within form entries.
  - Capability inventory: The agent has the capability to execute follow-up actions via membrane action run, which could include modifying data or interacting with other connected services.
  - Sanitization: There is no logic described to sanitize or filter the content retrieved from external form entries before processing.
Audit Metadata