plance
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the '@membranehq/cli' package from the public NPM registry. This is the official tool provided by the vendor for managing integrations.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to manage authentication, connection discovery, and API requests against Plance.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes data from external Plance projects and tasks.
- Ingestion points: Results from 'membrane action run' and 'membrane request' commands.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present.
- Capability inventory: Execution of shell commands via the 'membrane' CLI.
- Sanitization: No sanitization of the external content is described.
Audit Metadata