insightsoftware
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the NPM registry. This is an official tool provided by the vendor (membranedev/membrane) and is a standard dependency for accessing the platform.
- [COMMAND_EXECUTION]: The skill makes extensive use of the membrane CLI to perform operations such as authentication, action discovery, and running specific integration tasks. These commands are part of the intended system interaction.
- [CREDENTIALS_UNSAFE]: The instructions demonstrate good security hygiene by explicitly telling the agent to avoid requesting or handling sensitive user credentials directly, delegating this to the Membrane platform's server-side connection manager.
- [PROMPT_INJECTION]: The skill processes data returned from external Insightsoftware actions, which creates a surface for indirect prompt injection. Attackers with control over data in the connected system could potentially embed instructions aimed at manipulating the agent's behavior.
- Ingestion points: Data returned from action executions (e.g., reports, user lists) is processed by the agent.
- Boundary markers: None identified; the skill does not specify the use of delimiters or 'ignore' instructions for the external data.
- Capability inventory: The CLI provides capabilities for file system interactions, network requests, and the generation of new executable actions.
- Sanitization: There are no instructions for sanitizing or validating the contents of the retrieved data before the agent acts upon it.
Audit Metadata