librato
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the @membranehq/cli package via npm and utilizes npx for on-demand execution. These are official tools provided by the vendor for platform integration.
- [COMMAND_EXECUTION]: The skill employs several shell commands using the membrane CLI (membrane login, membrane connect, membrane action list, membrane action run) to manage metrics and automate workflows on the Librato platform. These are standard operations for the tool's intended use.
- [PROMPT_INJECTION]: The skill demonstrates processing user-provided natural language queries and JSON payloads to interact with external services. Ingestion points: User input flows into command arguments for intent-based action searching and creation. Boundary markers: The skill does not explicitly define delimiters to isolate user-provided strings within the CLI commands. Capability inventory: The tool is capable of executing actions on the Librato platform, including data retrieval and modification. Sanitization: No specific input validation or sanitization routines are mentioned in the skill instructions.
Audit Metadata