mews
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the official npm registry to enable interaction with the Membrane platform.
- [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI to manage connections and run actions against the Mews API, including dynamic action creation.
- [PROMPT_INJECTION]: The skill processes data from the Mews PMS, which represents a potential surface for indirect prompt injection. Ingestion points: External data such as Customer, Reservation, and Product identifiers retrieved via the membrane CLI in SKILL.md. Boundary markers: No specific delimiters are used to isolate Mews data from the agent's internal instructions. Capability inventory: The skill allows the agent to run shell commands and dynamically generate actions on the vendor's platform. Sanitization: Sanitization is not specified in the instructions, implying reliance on platform-level protections.
Audit Metadata