medius
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the official NPM registry. This package belongs to the skill's authoring organization and is used for its intended purpose of managing cloud integrations.
- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to authenticate users and interact with the Medius service. These operations are restricted to the vendor's own command-line interface.
- [METADATA]: A documentation link for 'Oculus' is included in the 'Medius' skill. This appears to be a copy-paste error from another skill template and does not point to a malicious domain.
- [INDIRECT_PROMPT_INJECTION]: The skill interpolates user-provided queries into shell commands (e.g., the --intent and --description flags). While this presents a surface for indirect prompt injection, it is mitigated by the fact that these commands are executed within the context of the user's authenticated Membrane session.
  - Ingestion points: User-provided 'QUERY' and 'DESCRIPTION' strings in SKILL.md shell examples.
  - Boundary markers: None present in the command examples.
  - Capability inventory: Subprocess execution via membrane action list and membrane action create.
  - Sanitization: No explicit sanitization or escaping logic is described in the prompt instructions.
Audit Metadata