nabla
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
membraneCLI tool to interact with Nabla, perform authentication, and execute data management actions. - [EXTERNAL_DOWNLOADS]: Instructions include downloading and installing the
@membranehq/clipackage from npm. This package is an official tool provided by the skill's vendor. - [DATA_EXFILTRATION]: The skill accesses sensitive healthcare data from Nabla. Authentication is managed server-side by Membrane, reducing the risk of local credential exposure.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill processes conversation messages and user data from the Nabla platform. Ingestion occurs through
membrane action runcommands without explicit boundary markers or sanitization logic mentioned in the instructions.
Audit Metadata