hubstaff
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally from the NPM registry. This is a vendor-provided tool from '@membranehq' (associated with 'membranedev') required for the skill to function.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `membrane` CLI to perform operations such as logging in, connecting to services, listing actions, and running integration tasks. This involves executing shell commands to interact with the Membrane platform.
- [COMMAND_EXECUTION]: The `membrane action create` command allows for the dynamic creation of new integration logic based on a natural language description. This generated code is then executed via `membrane action run` on the vendor's infrastructure.
- [PROMPT_INJECTION]: The skill processes data retrieved from the external Hubstaff API, which presents a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through the output of `membrane action run` commands as described in `SKILL.md`.
  - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The agent has the capability to execute shell commands and create new actions via the `membrane` CLI in `SKILL.md`.
  - Sanitization: There is no evidence of sanitization or filtering of the external API responses before they are returned to the agent.
Audit Metadata