hellosign
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clitool from NPM. This is an expected utility provided by the vendor to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: The instructions involve executing various
membraneCLI commands for logging in, managing connections, and invoking HelloSign actions. These commands are necessary for the skill's primary functionality. - [PROMPT_INJECTION]: As the skill ingests and processes data from external HelloSign accounts (e.g., template names or document details), it possesses an inherent surface for indirect prompt injection.
- Ingestion points: Data returned from the HelloSign API via the
membrane action listandmembrane action runcommands. - Boundary markers: The instructions do not specify boundary markers or instructions to ignore instructions embedded in the external data.
- Capability inventory: The skill allows the agent to trigger side effects such as sending signature requests or deleting templates using the CLI.
- Sanitization: There is no explicit sanitization or validation of the data retrieved from the external API before it is presented to the agent.
Audit Metadata