Skills
skills/membranedev/application-skills/kite-suite/Gen Agent Trust Hub

kite-suite

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the NPM registry. This is a verified tool provided by the skill author (Membrane) to facilitate the integration.\n- [COMMAND_EXECUTION]: The skill uses the membrane CLI to manage connections and execute actions within the Kite Suite environment. These are controlled commands necessary for the skill's primary function.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes data from the Kite Suite API.\n
  • Ingestion points: External data enters the context via the output of membrane action list and membrane action run (SKILL.md).\n
  • Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore potential commands embedded in API responses.\n
  • Capability inventory: The skill can execute shell commands via the CLI, create dynamic actions, and perform network operations.\n
  • Sanitization: Absent. There is no evidence of output sanitization for data retrieved from external API sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 09:12 PM