Skills
skills/membranedev/application-skills/nozbe-teams/Gen Agent Trust Hub

nozbe-teams

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill manages authentication through the Membrane platform. This approach ensures that sensitive credentials like Nozbe Teams API tokens are handled server-side and never exposed to the agent or stored in the local environment.
  • [EXTERNAL_DOWNLOADS]: Installs the official @membranehq/cli package from the NPM registry. This tool is the standard interface provided by the vendor to interact with their integration infrastructure.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform operational tasks such as logging in, connecting connectors, and executing actions. These commands are used for their intended purpose within the scope of the integration.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Nozbe Teams (such as task descriptions and comments), which introduces an indirect prompt injection surface.
  • Ingestion points: Data retrieved via the membrane action run command (e.g., project tasks, user comments).
  • Boundary markers: None are explicitly defined in the skill's instructional text to separate user data from instructions.
  • Capability inventory: The skill can read and create tasks, projects, and comments using the membrane CLI.
  • Sanitization: No explicit sanitization or content filtering is described for the incoming data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 03:31 AM