proprofs-project
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the official NPM registry. This is the standard tool provided by the vendor (membranedev) to facilitate the integration. - [COMMAND_EXECUTION]: The skill instructions involve executing
membraneCLI commands to perform authentication, search for actions, and manage project data. These commands are scoped to the intended functionality of the integration. - [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded secrets. It explicitly follows best practices by directing the agent to use server-side connections and never prompts the user for raw API keys or tokens.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it retrieves and processes data from the external ProProfs Project service.
- Ingestion points: Project data and action outputs retrieved via
membrane action run(SKILL.md). - Boundary markers: Absent; there are no specific markers instructing the agent to ignore instructions embedded in retrieved data.
- Capability inventory: Shell command execution via the
membraneCLI and network access to the vendor's platform. - Sanitization: Not explicitly specified in the skill prompt; however, the data is intended for project management tasks.
Audit Metadata