middesk
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the NPM registry. This is an official tool provided by the vendor for platform interaction. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operational tasks such as logging in, connecting to services, and managing data actions. - [REMOTE_CODE_EXECUTION]: The skill employs
npxto run the vendor's CLI tool directly from the official package registry for action discovery. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface related to the ingestion of external data.
- Ingestion points: The agent processes output from the
membrane action runandmembrane action listcommands which retrieve data from the external platform. - Boundary markers: No explicit delimiters or instructions are provided to distinguish between internal instructions and external data ingested at runtime.
- Capability inventory: The agent has access to shell commands via the
membraneCLI to interact with business identity and compliance data. - Sanitization: The skill does not describe any methods for validating or sanitizing the content returned by external actions before it is used by the agent.
Audit Metadata