mixpanel
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal package from NPM. This is a vendor-owned resource from 'membranedev' used for the skill's operations. - [COMMAND_EXECUTION]: The skill executes
membraneCLI commands to handle authentication, connection management, and to interact with Mixpanel actions. - [PROMPT_INJECTION]: The skill contains a potential surface for indirect prompt injection when handling user data.
- Ingestion points: User-provided strings are passed directly to the
--intentand--inputparameters in the CLI commands documented in SKILL.md. - Boundary markers: Boundary markers are absent; user input is interpolated directly into command arguments.
- Capability inventory: The skill can perform actions including searching for, creating, and executing API tasks on the Membrane platform as defined in SKILL.md.
- Sanitization: No explicit sanitization or input validation is performed within the provided skill instructions.
Audit Metadata