persona
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool (@membranehq/cli) from the NPM registry to enable platform interactions.
- [COMMAND_EXECUTION]: Uses terminal commands to manage authentication and execute customer data operations via the membrane binary.
- [PROMPT_INJECTION]: The skill ingests data from external Persona actions which could potentially contain malicious instructions intended to influence the agent's logic. * Ingestion points: Data returned from membrane action run. * Boundary markers: None specified in the interpolation logic. * Capability inventory: Subprocess execution via the CLI. * Sanitization: No explicit validation of external action output before processing.
- [COMMAND_EXECUTION]: Dynamically constructs shell commands using action IDs and JSON input strings provided at runtime or retrieved from discovery steps.
Audit Metadata