peach
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the
membraneCLI tool to perform authentication, manage connections, and execute actions on the Peach platform.- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the@membranehq/clipackage from the public NPM registry. This is a vendor-owned tool necessary for the skill's functionality.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes output from the Peach API through the Membrane CLI, which could potentially contain untrusted instructions. - Ingestion points: Data returned by
membrane action listandmembrane action run(SKILL.md). - Boundary markers: None identified in the provided instructions.
- Capability inventory: Execution of shell commands via the
membraneCLI (SKILL.md). - Sanitization: No explicit sanitization or validation of the CLI output is described before the agent processes it.
Audit Metadata