onethread
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the NPM registry. This package is the official tool used to interact with the Membrane platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage connections and execute API actions. This behavior is necessary for the skill's stated purpose of integrating with Onethread. - [PROMPT_INJECTION]: The skill processes data from the Onethread platform, which constitutes an ingestion surface for indirect prompt injection.
- Ingestion points: Reads thread and message content via
membrane action run(SKILL.md). - Boundary markers: None identified in the provided instructions.
- Capability inventory: Executes shell commands via
membraneCLI to perform actions (SKILL.md). - Sanitization: No explicit sanitization of external content is described.
Audit Metadata