memberspotio

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the npm registry to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to manage authentication, connections, and actions, which involve shell execution and network operations.
  • [PROMPT_INJECTION]: The skill processes data from Memberspot.io, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Data returned from action runs (membrane action run) and action listings (membrane action list), such as user details, article content, or form data.
  • Boundary markers: No explicit delimiters are used to wrap data fetched from the external API to prevent it from being interpreted as instructions.
  • Capability inventory: The skill can execute actions that modify external state and dynamically create new actions based on descriptions.
  • Sanitization: No sanitization or validation logic is specified for the data retrieved from Memberspot.io before it is provided to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 12:59 AM
Security Audit — agent-trust-hub — memberspotio