junip

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings tagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill follows security best practices by using the Membrane platform for authentication, ensuring that no sensitive API keys or credentials are handled directly by the AI agent or stored in local files.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for operational tasks, including logging in, connecting to the Junip connector, and executing reviews-related actions. These are legitimate uses of the vendor-provided tool.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the official npm registry. This is a verified tool belonging to the skill's authoring organization (Membrane).
  • [PROMPT_INJECTION]: The skill documentation is focused on utility and does not contain any instructions aimed at bypassing AI safety guardrails or overriding system prompts.
  • [DATA_EXPOSURE]: No hardcoded secrets, private keys, or sensitive local file path accesses were detected. Data flow is restricted to the authenticated Membrane session.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests customer reviews from Junip (via list-reviews and get-review). While malicious instructions could be embedded in review content, the skill does not exhibit unsafe interpolation patterns that would prioritize such content over system instructions.
      • Ingestion points: Review data fetched via list-reviews and get-review in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess calls via the membrane CLI in SKILL.md.
      • Sanitization: Not explicitly defined.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:12 PM
Security Audit — agent-trust-hub — junip