magnetic
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
@membranehq/clipackage from the npm registry and usesnpxto execute the latest version of the tool. These resources are provided by the official vendor (Membrane) to facilitate the integration. - [COMMAND_EXECUTION]: The skill utilizes several shell commands, including
membrane login,membrane action list, andmembrane action run, to perform CRM operations. These commands are executed locally by the agent to manage data via the Membrane platform as part of the skill's core functionality. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it interpolates user-provided query strings and action parameters into CLI commands that interact with external services.
- Ingestion points: The
--intentparameter in the action discovery command and the--inputparameter in the action execution command. - Boundary markers: No explicit boundary markers or delimiters are used for the interpolated user content.
- Capability inventory: The skill possesses the capability to execute subprocesses and perform network operations through the Membrane CLI tool.
- Sanitization: Input sanitization is not explicitly defined in the skill instructions, relying instead on the underlying CLI tool and the Membrane platform for validation.
Audit Metadata