memberspotio
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry to interact with the Membrane platform. - [COMMAND_EXECUTION]: The skill executes various
membraneCLI commands to manage authentication, connections, and actions, which involve shell execution and network operations. - [PROMPT_INJECTION]: The skill processes data from Memberspot.io, creating a surface for indirect prompt injection attacks.
- Ingestion points: Data returned from action runs (
membrane action run) and action listings (membrane action list), such as user details, article content, or form data. - Boundary markers: No explicit delimiters are used to wrap data fetched from the external API to prevent it from being interpreted as instructions.
- Capability inventory: The skill can execute actions that modify external state and dynamically create new actions based on descriptions.
- Sanitization: No sanitization or validation logic is specified for the data retrieved from Memberspot.io before it is provided to the agent context.
Audit Metadata