postgrid
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package via NPM. This is an official tool provided by the vendor (membranedev) to facilitate interaction with their platform.
- [COMMAND_EXECUTION]: The instructions involve running shell commands using the `membrane` CLI to authenticate users, manage service connections, and execute integration actions.
- [REMOTE_CODE_EXECUTION]: The skill utilizes the Membrane platform's capability to dynamically generate and execute 'actions' on its infrastructure via the `membrane action create` and `membrane action run` commands.
- [DATA_EXFILTRATION]: The skill facilitates the retrieval and processing of data from PostGrid. It correctly implements secure practices by leveraging the vendor's managed connection system to handle authentication server-side, preventing local exposure of API keys.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from PostGrid (such as person or template information) which could be controlled by an external actor.
  - Ingestion points: Data retrieved via `membrane action run` (SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
  - Capability inventory: The agent can execute shell commands via the `membrane` CLI (SKILL.md).
  - Sanitization: There are no documented steps for validating or escaping the data retrieved from external sources before processing.
Audit Metadata