make
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires installing the @membranehq/cli package from the global NPM registry to facilitate communication with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute various shell commands using the membrane CLI for authentication (membrane login), connection management (membrane connect), and workflow execution (membrane action run).
- [DATA_EXFILTRATION]: The skill retrieves structured data from external Make scenarios and modules via the membrane action run command, importing that data into the agent's execution context.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes data returned from external Make actions which may be attacker-controlled.
  - Ingestion points: Data enters the context through the output of the membrane action run command as described in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard potential instructions embedded within the retrieved Make data.
  - Capability inventory: The agent has the ability to execute shell commands, install software, and create new actions via the Membrane CLI as defined in SKILL.md.
  - Sanitization: No validation or sanitization steps are documented for the data received from the Make integration before it is interpreted by the agent.
Audit Metadata