loyjoy
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry to manage LoyJoy integrations. \n- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to handle authentication, connection management, and action execution. \n- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection (Category 8) because it processes conversational data from the LoyJoy platform. \n
- Ingestion points: External chat content is brought into the agent's context through the output of 'membrane action run' commands. \n
- Boundary markers: The skill does not define specific delimiters or instructions to help the agent isolate conversational data from its core instructions. \n
- Capability inventory: The agent has the capability to run CLI commands and dynamically create new actions via natural language descriptions. \n
- Sanitization: No explicit sanitization or validation steps are provided for the data retrieved from LoyJoy.
Audit Metadata