onna
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official
@membranehq/clitool from the NPM registry to facilitate communication with the Membrane platform. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line interface to perform operations such as logging in, connecting to services, and executing workflow actions. - [PROMPT_INJECTION]: Processes data retrieved from external Onna sources such as Slack or Google Drive, which represents an indirect ingestion surface.
- Ingestion points: Search results and action outputs retrieved via the CLI (SKILL.md).
- Boundary markers: Not explicitly specified in the instructions.
- Capability inventory: Executes shell commands via the Membrane CLI (SKILL.md).
- Sanitization: Relies on the Membrane platform's structured data handling and API abstraction for external content.
Audit Metadata