Skills
skills/membranedev/application-skills/inedo-otter/Gen Agent Trust Hub

inedo-otter

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs the @membranehq/cli package from the official NPM registry to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to manage Inedo Otter resources, including membrane action run and membrane action create for infrastructure automation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external Inedo Otter API responses.
  • Ingestion points: Runtime data retrieved via membrane action list and membrane action run output in SKILL.md.
  • Boundary markers: Absent; the instructions do not define clear delimiters for external data.
  • Capability inventory: The skill can execute automation logic and create new actions using the membrane CLI.
  • Sanitization: Not specified in the skill body; relies on the underlying platform's handling of action schemas.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 11:52 AM