officient

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry. This package is a vendor-owned utility required to facilitate communication with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI for authentication (login), connection management (connect), and executing platform actions. These commands are necessary for the primary function of the skill and utilize the vendor's established infrastructure.
  • [PROMPT_INJECTION]: The skill interacts with dynamic actions, which serve as an indirect prompt injection surface.
    • Ingestion points: Data is ingested from external Officient action schemas and results through the membrane action list and membrane action run commands, as documented in SKILL.md.
    • Boundary markers: Absent; there are no specific markers or instructions provided to delimit or ignore instructions within the ingested data.
    • Capability inventory: The agent has access to shell command execution through the membrane CLI as described in SKILL.md.
    • Sanitization: Absent; the skill does not include specific logic to sanitize or validate the content returned by external actions before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 05:49 PM