Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to install the Membrane CLI globally and execute commands for logging in, managing connections, and running actions.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to download the `@membranehq/cli` package from the NPM registry, which provides the core functionality for the skill.
- [REMOTE_CODE_EXECUTION]: The skill supports dynamic action creation through `membrane action create`, enabling the agent to generate new executable logic at runtime based on high-level descriptions.
- [PROMPT_INJECTION]: Retrieval of LinkedIn posts and comments via actions like `list-posts` and `list-comments` exposes the agent to untrusted external data, which could contain instructions designed to manipulate agent behavior.
  * Ingestion points: Data from LinkedIn posts and comments (SKILL.md).
  * Boundary markers: None specified in the instructions.
  * Capability inventory: Command execution and action running via the Membrane CLI.
  * Sanitization: No evidence of input filtering or content sanitization is provided in the documentation.
Audit Metadata