okay
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage using npm. This is an official tool provided by the vendor to interact with their platform and is necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill provides instructions for executing
membraneCLI commands to authenticate the user, list connections, and run actions. These commands are localized to the integration's logic. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes data from the Okay platform through action outputs and search results.
- Ingestion points: Outputs from
membrane action list,membrane action get, andmembrane action runcommands found inSKILL.md. - Boundary markers: No explicit markers or warnings to ignore embedded instructions are provided in the command examples.
- Capability inventory: The skill can execute actions (
membrane action run) and create new ones (membrane action create), allowing for data manipulation and network interaction within the scope of the Okay integration. - Sanitization: No sanitization or validation logic is specified for the data returned from the external API.
Audit Metadata