grist

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads and installs the @membranehq/cli package from the official NPM registry to manage integration infrastructure. This package belongs to the skill's authoring organization.
  • [COMMAND_EXECUTION]: Utilizes shell commands to install the CLI, handle authentication, and execute spreadsheet operations such as running SQL queries and managing records.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it processes data from external Grist spreadsheets, and that data may contain untrusted content.
  • Ingestion points: External data enters the agent context through actions such as list-records and run-sql-query defined in SKILL.md.
  • Boundary markers: No delimiters or instructions are specified that would stop the agent from interpreting spreadsheet content as commands.
  • Capability inventory: The skill has command execution capabilities through the membrane CLI and npm, as described in SKILL.md.
  • Sanitization: No sanitization or validation step filters instruction-like content out of the retrieved spreadsheet data before it reaches the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 01:42 AM
Security Audit — agent-trust-hub — grist