nano-nets

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package globally using npm. This is a vendor-provided tool used to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute several shell commands using the membrane CLI, including membrane login, membrane connect, membrane action list, and membrane action run to manage data and execute operations.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where natural language inputs are used to search for or create actions via the --intent and "DESCRIPTION" arguments.
    • Ingestion points: User-provided strings or agent-generated descriptions passed to the membrane action list and membrane action create commands.
    • Boundary markers: None provided in the instructions to separate untrusted data from the command context.
    • Capability inventory: The skill can execute shell commands (membrane CLI) and perform network operations through actions run on the Membrane platform.
    • Sanitization: There is no mention of input validation or sanitization for the strings used in natural language discovery or action creation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:09 PM