helium
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from npm, which is the official tool for the Membrane platform. This is a standard and expected operation for the skill.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to manage Helium devices, organizations, and flows. These commands are documented as part of the official vendor workflow.
- [DYNAMIC_EXECUTION]: The skill supports the creation of new integration logic via natural language through the membrane action create command. This is an intended primary feature of the integration platform.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection because it ingests untrusted data from the Helium API.
  - (1) Ingestion points: Data entering the agent via membrane action run output (e.g., device events, labels).
  - (2) Boundary markers: No specific delimiters are used in the provided instructions.
  - (3) Capability inventory: Access to the membrane CLI for network-connected actions.
  - (4) Sanitization: The skill relies on the platform's schema-based execution for data handling.