kingsumo
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Membrane CLI (
@membranehq/cli@latest) via NPM. This is a public tool provided by the vendor to facilitate the integration and handle authentication securely. - [COMMAND_EXECUTION]: The skill uses the
membranecommand-line interface to perform actions such as logging in, connecting to services, and executing KingSumo-specific tasks. These commands are part of the intended integration workflow. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external KingSumo entries and giveaways. This represents a potential indirect injection surface where content from giveaway contestants could influence the agent.
- Ingestion points: Data enters via the output of
membrane action run(e.g., contestant lists or giveaway details). - Boundary markers: None identified in the provided instructions.
- Capability inventory: The skill can execute actions via the CLI but does not provide direct file-write or arbitrary system execution capabilities.
- Sanitization: No explicit sanitization or validation of the external KingSumo data is described.
- [SAFE]: The skill follows security best practices by delegating credential management to the Membrane platform, which prevents the need for hardcoded API keys or tokens in the skill instructions or local environment.
Audit Metadata