human-api
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Membrane CLI (
membrane login,membrane action run,membrane connect) to manage health data. It also includesmembrane action create, which allows for dynamic creation of API interactions based on natural language descriptions. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of a global Node.js package (
@membranehq/cli@latest) from the NPM registry. This package is the official tool for the platform described in the skill and is owned by the vendor. - [INDIRECT_PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection as it processes health data from external sources and creates actions dynamically.
- Ingestion points: Data retrieved from Human API through
membrane action runand metadata frommembrane action list. - Boundary markers: None provided in the command templates.
- Capability inventory: Subprocess execution via the CLI, network access to the Human API, and dynamic logic generation via the action creation feature.
- Sanitization: No specific sanitization or filtering instructions are provided for the data retrieved from external sources.
Audit Metadata