Skills
skills/membranedev/application-skills/nextcloud/Gen Agent Trust Hub

nextcloud

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the '@membranehq/cli' global package from npm. This is an official vendor resource provided by 'membranedev' for platform connectivity.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands using the 'membrane' CLI to manage login, connections, and Nextcloud actions. This is the intended functional method for this skill.
  • [PROMPT_INJECTION]: The skill processes data from Nextcloud (such as file contents and metadata), creating an indirect prompt injection surface. Ingestion points: Nextcloud data retrieved via 'membrane action run'. Boundary markers: None specified in the instructions for isolating external content. Capability inventory: Shell command execution via the 'membrane' CLI. Sanitization: No explicit sanitization or validation of data retrieved from Nextcloud is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 08:42 PM
Security Audit — agent-trust-hub — nextcloud