instatus
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally using npm. This package is provided by the vendor to interact with their platform and is necessary for the skill's operations. - [COMMAND_EXECUTION]: The instructions require the execution of multiple shell commands via the
membraneCLI tool, includingmembrane loginfor authentication,membrane connectfor account linking, andmembrane action runfor data operations. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection attacks.
- Ingestion points: Data retrieved from Instatus (e.g., incident descriptions, component names, or metrics) enters the agent's context through the
membrane action runcommand. - Boundary markers: The skill does not provide any specific delimiters or instructions to help the agent distinguish between trusted instructions and potentially untrusted data from Instatus.
- Capability inventory: The agent has the ability to execute CLI commands and modify external status page data, creating a functional path if the agent is manipulated by malicious content in an incident report.
- Sanitization: There is no evidence of filtering, escaping, or validation of the content retrieved from the Instatus API before it is processed by the model.
Audit Metadata