nocodb
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is the official command-line interface for the Membrane platform, which is the vendor of this skill. - [COMMAND_EXECUTION]: The skill uses various shell commands through the
membraneCLI to manage connections and execute actions. These commands are standard for the platform's operation and facilitate secure interaction with the Nocodb API. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external data through
membrane action list(fetching action schemas) andmembrane action run(fetching execution outputs). - Ingestion points: CLI output from action discovery and execution.
- Boundary markers: None explicitly defined in the instructions.
- Capability inventory: The agent can execute arbitrary platform actions via
membrane action runand create new logic viamembrane action create. - Sanitization: Not specified; reliance is placed on the underlying platform's handling of action schemas.
Audit Metadata