here

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands for environment setup, authentication, and service interaction.
      • Evidence: Commands include `npm install -g @membranehq/cli@latest`, `membrane login`, and `membrane action run`.
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading a CLI tool from the public NPM registry.
      • Evidence: `npm install -g @membranehq/cli@latest` and `npx @membranehq/cli@latest`.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external HERE APIs and uses natural-language intents to discover or generate actions.
      • Ingestion points: Data returned from HERE services via `membrane action run`, and action descriptions used in `membrane action list`.
      • Boundary markers: None explicitly defined in the instructions to separate external data from agent instructions.
      • Capability inventory: The skill can install software via npm and execute dynamic actions via the membrane CLI.
      • Sanitization: No explicit sanitization or validation steps are documented for data received from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:38 PM
Security Audit — agent-trust-hub — here