pingbell
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage from the official NPM registry to facilitate communication with the integration platform. - [DATA_EXPOSURE]: The skill follows secure patterns by specifically instructing the agent not to handle raw credentials (tokens or API keys). Instead, it uses a centralized connection manager to handle authentication server-side.
- [COMMAND_EXECUTION]: The skill uses a command-line interface to manage connections and execute actions. These commands are scoped to the functionality of the PingBell integration.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it ingests untrusted user data to search for or dynamically create new actions.
- Ingestion points: User-provided natural language strings passed to the
--intentandDESCRIPTIONparameters in SKILL.md. - Boundary markers: No specific delimiters are used to wrap the user-provided queries.
- Capability inventory: The skill can execute subprocesses via the
membrane action runcommand across various scripts. - Sanitization: No explicit sanitization or validation of the input strings is performed within the skill instructions.
Audit Metadata