omnisend
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions guide users to install the @membranehq/cli package via the global NPM registry. This is the official command-line interface provided by the vendor for platform interaction.
- [COMMAND_EXECUTION]: The skill relies on the membrane CLI for core functionalities, including user authentication (membrane login), service connection management (membrane connect), and triggering API actions (membrane action run). These operations are standard for the integration's intended use.
- [PROMPT_INJECTION]: The skill processes external data retrieved from the Omnisend API via the membrane action run command. This constitutes an indirect prompt injection surface. 1. Ingestion points: Command output from membrane action run and membrane action list (SKILL.md). 2. Boundary markers: No explicit separators or instructions to ignore embedded content are provided in the documentation. 3. Capability inventory: The agent uses the membrane CLI to perform API requests and manage actions (SKILL.md). 4. Sanitization: Responsibility for data validation and sanitization resides with the Membrane platform infrastructure.
Audit Metadata