Skills
skills/membranedev/application-skills/ngrok/Gen Agent Trust Hub

ngrok

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI to interact with the platform for Ngrok management.
  • Commands such as membrane login, membrane connect, and membrane action run are used to manage the lifecycle of tunnels and integrations.
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package from the public NPM registry.
  • This is the official tool provided by the vendor (Membrane) to interface with their service and is an expected dependency for the skill's functionality.
  • [PROMPT_INJECTION]: The skill provides an interface for dynamic action discovery and creation which ingests untrusted data.
  • Ingestion points: User-provided strings are used in membrane action list --intent "QUERY" and membrane action create "DESCRIPTION" (SKILL.md).
  • Boundary markers: Commands do not use specific delimiters for the natural language parameters.
  • Capability inventory: The skill can execute actions against the Ngrok API via the Membrane platform using membrane action run (SKILL.md).
  • Sanitization: The skill relies on the Membrane platform's internal logic to safely interpret and generate actions from user descriptions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 10:41 AM