mumara

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the official CLI tool from the vendor using npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest. These are legitimate resources from the verified author and are required for the skill's operation.
  • [PROMPT_INJECTION]: The skill supports searching for and creating actions via natural language, which introduces a potential surface for indirect prompt injection.
      • Ingestion points: User-defined strings are passed to the --intent and --description parameters of the membrane CLI in SKILL.md.
      • Boundary markers: Absent; the instructions rely on standard shell command formatting for the user's intent.
      • Capability inventory: The skill uses the membrane CLI to execute various marketing automation actions and manage platform connections.
      • Sanitization: Not specified in the instructions; the security of the input processing is handled by the vendor's platform services.
  • [SAFE]: The skill uses a secure authentication model where credentials are managed server-side by Membrane, preventing the need for local storage of sensitive tokens or API keys.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:38 AM
Security Audit — agent-trust-hub — mumara