Skills
skills/membranedev/application-skills/metabase/Gen Agent Trust Hub

metabase

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package, which is a vendor-owned utility used for platform interactions.
  • [COMMAND_EXECUTION]: Utilizes the membrane command-line tool for authentication, connection management, and running data actions.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it accepts natural language descriptions for searching and creating actions.
  • Ingestion points: Found in SKILL.md where user-provided strings are passed to the --intent and action create parameters.
  • Boundary markers: The instructions do not define specific delimiters for separating user intent from the rest of the command.
  • Capability inventory: The CLI can search for, create, and execute actions that interact with external Metabase data.
  • Sanitization: The skill relies on the underlying Membrane platform to handle the natural language processing, with no local sanitization steps defined in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 08:42 PM