privy
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPENDENCIES]: The skill instructs users to install the `@membranehq/cli` package globally via npm (`npm install -g @membranehq/cli@latest`). This is a vendor-owned resource for the Membrane platform.
- [COMMAND_EXECUTION]: Multiple shell commands are utilized to manage the lifecycle of the integration, including `membrane login`, `membrane connect`, and `membrane action run`. These commands facilitate authentication and data interaction with the Privy service.
- [DYNAMIC_EXECUTION]: The skill uses `membrane action create` to generate new integration logic based on a natural language description provided at runtime. This allows for dynamic functionality generation within the Membrane environment.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data.
  - Ingestion points: Data from the user or the Privy platform is passed into CLI arguments via the `--intent`, `--description`, and `--input` flags in SKILL.md.
  - Boundary markers: No delimiters or protective instructions are used to wrap external content in the provided command examples.
  - Capability inventory: The skill has the capability to execute shell commands and create new executable actions based on these inputs.
  - Sanitization: There is no documentation of input sanitization or validation before interpolation into command-line arguments.