leyr

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This tool is provided by the vendor to facilitate communication with the Membrane platform.
  • [COMMAND_EXECUTION]: The instructions guide the agent to perform multiple shell commands using the membrane CLI, including login, connect, and action run. These are core to the skill's intended operation.
  • [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection because it ingests data from external Leyr actions and creates new actions based on natural language descriptions provided to the CLI.
      • Ingestion points: Data retrieved through membrane action list and the output of membrane action run in SKILL.md.
      • Boundary markers: No specific boundary markers or instructions to ignore nested commands are defined in the provided agent instructions.
      • Capability inventory: The skill can execute shell commands, perform authenticated network operations via the platform, and dynamically generate and run new actions.
      • Sanitization: The instructions do not specify any validation or sanitization protocols for data ingested from the Leyr platform before it is used by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:20 AM