piggy
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the npm registry, which is the official tool provided by the author for managing integrations. - [COMMAND_EXECUTION]: It utilizes the
membraneCLI to perform actions such asmembrane login,membrane connect, andmembrane request. These commands are standard for the Membrane platform's operation and are used as intended for service integration. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection because it ingests external data from the Piggy API. Ingestion points: Data retrieved via
membrane action runandmembrane requestfrom the Piggy API. Boundary markers: The instructions do not define specific delimiters for external data. Capability inventory: The skill can execute shell commands via themembraneCLI and perform network operations. Sanitization: The skill relies on the underlying agent's standard safety protocols and the Membrane platform's internal handling.
Audit Metadata