polly
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the '@membranehq/cli' package from npm, which is the official tool provided by the vendor for platform integrations.
- [COMMAND_EXECUTION]: The skill utilizes the 'membrane' command-line interface to manage authentication, connections, and action execution, which is the intended and documented functionality.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via tool outputs. 1. Ingestion points: Data returned from 'membrane action run'. 2. Boundary markers: No specific delimiters or instructions to ignore embedded content were found. 3. Capability inventory: CLI execution for action management. 4. Sanitization: None explicitly defined; relies on agent-level safety filters.
- [SAFE]: No evidence of credential theft, unauthorized data access, or code obfuscation was found during the analysis.
Audit Metadata