pidj
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes content from the external Pidj platform.
  - Ingestion points: Untrusted data from Pidj is ingested into the agent context via the output of commands like `membrane action list` and `membrane action run` (identified in `SKILL.md`).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat external content as potentially untrusted data.
  - Capability inventory: The agent can execute platform actions and shell commands via the `membrane` CLI (identified in `SKILL.md`).
  - Sanitization: The instructions do not include mechanisms for sanitizing or validating retrieved data before processing.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of a command-line utility from the NPM registry.
  - Evidence: The command `npm install -g @membranehq/cli@latest` is used to install the required vendor-provided CLI tool (found in `SKILL.md`).
- [COMMAND_EXECUTION]: The skill's operational logic depends on the execution of shell commands through a CLI interface.
  - Evidence: The documentation provides numerous shell command examples including `membrane login`, `membrane action list`, and `membrane action run` (found in `SKILL.md`).
Audit Metadata