parsioio
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is an official scoped package provided by the vendor (membranedev) to facilitate interaction with their platform. - [COMMAND_EXECUTION]: The instructions utilize the
membranecommand-line interface to manage logins, create service connections, and execute automated actions. These commands are standard operations within the platform's ecosystem. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes untrusted data from emails and document attachments via Parsio.io.
- Ingestion points: Untrusted external data enters the agent context from Parsio.io documents and parser outputs.
- Boundary markers: The skill does not currently define explicit delimiters or instructions to ignore potential commands embedded within the parsed data.
- Capability inventory: The skill can execute actions via the CLI, which may include file system or network operations depending on the specific actions created/run.
- Sanitization: There is no evidence of explicit sanitization or filtering of the external data before processing.
- [DATA_EXFILTRATION]: The skill demonstrates a positive security posture by explicitly advising against manual API key management and instead utilizing the platform's centralized connection system, reducing the risk of credential exposure.
Audit Metadata