loopmessage
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm, which is the official command-line tool for the vendor's platform. - [COMMAND_EXECUTION]: The skill executes various
membraneCLI commands to handle authentication (login), establish connections (connect), and manage actions (action list,action create,action run). - [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing data returned from external API actions.
- Ingestion points: Data entering the agent context via the output of the
membrane action runcommand in SKILL.md. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential instructions embedded in the action output.
- Capability inventory: The skill allows the agent to create and run arbitrary actions through the CLI, providing a path for multi-step execution chains.
- Sanitization: There is no description of sanitization, validation, or escaping of action output before it is processed by the agent.
Audit Metadata