jobvite
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the '@membranehq/cli' package from the npm registry. This is a vendor-owned resource (membranedev) and is a standard component for the platform's operation.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to manage authentication, establish connections to Jobvite, and execute actions. These are essential operations for the skill's primary purpose of integration.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing user-supplied natural language 'intents' to discover or dynamically create actions on the platform.
- Ingestion points: User-provided strings are passed to 'membrane action list --intent' and 'membrane action create'.
- Boundary markers: None are specified in the command-line usage patterns within the instructions.
- Capability inventory: The skill can execute actions via 'membrane action run', which may involve network calls or data modifications within the Jobvite environment.
- Sanitization: The skill depends on the Membrane platform's backend to sanitize and validate user intents before identifying or building executable functionality.
Audit Metadata