lamden
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install
@membranehq/cliglobally via npm. This is a standard dependency provided by the vendor to facilitate the skill's functionality. - [COMMAND_EXECUTION]: The skill heavily utilizes shell commands through the
membraneCLI to manage connections, discover actions, and execute blockchain operations. This is the intended operational mode of the skill. - [DATA_EXFILTRATION]: The skill presents a surface for potential indirect prompt injection (Category 8).
- Ingestion points: Data enters the agent context through the output of
membrane action runandmembrane action listcommands executed in the terminal (SKILL.md). - Boundary markers: No explicit instructions or delimiters are provided to the agent to treat action outputs as untrusted data or to ignore embedded instructions within that data.
- Capability inventory: The agent has the capability to execute shell commands (
membrane action run), create new actions (membrane action create), and perform network-authenticated operations via the CLI (SKILL.md). - Sanitization: The skill does not specify any sanitization or validation logic for the content returned from blockchain actions before it is processed by the agent.
Audit Metadata