pandle
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the user to install the Membrane CLI from the official NPM registry using the command `npm install -g @membranehq/cli@latest`.
- [PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection by ingesting data from external Pandle sources and operating in an environment with significant execution capabilities.
  - Ingestion points: Records such as invoices, transactions, and customer data are retrieved from Pandle via the `membrane action run` command as described in `SKILL.md`.
  - Boundary markers: Absent. The skill instructions do not provide delimiters or specific warnings to the agent to treat data from Pandle as untrusted.
  - Capability inventory: The agent has the capability to execute arbitrary actions, list system connections, and create new integration logic using the `membrane` CLI tools in `SKILL.md`.
  - Sanitization: Absent. No explicit validation, escaping, or filtering of the external data is mentioned before it is processed by the agent.
Audit Metadata