postman
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI globally via NPM using `npm install -g @membranehq/cli@latest`. This is a vendor-owned package required for the skill to operate.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands through the `membrane` CLI to manage connections and run API actions. This includes dynamic parameters such as connection IDs and action IDs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design.
  - Ingestion points: External data enters the agent context via `membrane action list` (fetching action descriptions) and `membrane action run` (processing API responses from Postman).
  - Boundary markers: Absent. There are no explicit instructions to the agent to ignore or delimit instructions that might be embedded within the Postman API data.
  - Capability inventory: The skill possesses the ability to read workspace data, create new actions (`membrane action create`), and execute them (`membrane action run`), which could be abused if malicious data influences the agent's logic.
  - Sanitization: No sanitization or validation of Postman-sourced content is described in the skill instructions.
Audit Metadata