isolved

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the Membrane CLI tool (@membranehq/cli) from the public npm registry to enable interaction with the Membrane platform.
  • [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI to manage connections, search for capabilities, and run HRIS-related actions.
  • [PROMPT_INJECTION]: The skill ingests external data from Isolved and uses natural language descriptions for action discovery and creation, presenting a surface for indirect prompt injection.
      • Ingestion points: Data retrieved from Isolved via membrane action run in SKILL.md.
      • Boundary markers: Absent; the instructions do not specify delimiters for wrapping external data when processed by the agent.
      • Capability inventory: Subprocess execution of the membrane CLI tool for connection management and action execution in SKILL.md.
      • Sanitization: Absent; no explicit validation or filtering of retrieved HRIS data is defined in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 10:37 PM
Security Audit — agent-trust-hub — isolved