practitest

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI from the npm registry via npm install -g @membranehq/cli@latest. This is a vendor-provided tool used for authentication and interaction with the platform.
  • [COMMAND_EXECUTION]: The skill instructions frequently use the membrane CLI to perform operations such as listing connections, searching for actions, and running tasks. These commands are necessary for the skill's primary function of managing PractiTest data.
  • [DATA_EXFILTRATION]: The skill interacts with the PractiTest API to read and manage requirements, test sets, and runs. While this involves moving data to and from an external service, it is the intended purpose of the skill and is handled via the vendor's managed connection system.
  • [REMOTE_CODE_EXECUTION]: The membrane action create command allows for the dynamic generation of new logic or actions within the Membrane environment. This is a core feature of the platform but represents a form of dynamic execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from an external source (PractiTest).
      • Ingestion points: Data returned from PractiTest via membrane action run and action metadata from membrane action list (SKILL.md).
      • Boundary markers: None identified in the skill instructions.
      • Capability inventory: The skill can execute actions (membrane action run) and create new logic (membrane action create) based on processed data.
      • Sanitization: No explicit sanitization or validation of the external content is mentioned before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 10:19 AM