Skills
skills/membranedev/application-skills/pubnub/Gen Agent Trust Hub

pubnub

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill requires the global installation of the @membranehq/cli package from npm. This tool is provided by the vendor to facilitate secure authentication and API interaction without exposing local secrets.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations through the membrane CLI to interact with the PubNub API via the vendor's proxy. These actions are used for real-time messaging and data management as described in the skill's documentation.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from PubNub channels.
  • Ingestion points: Data retrieved from PubNub via membrane action run or membrane request commands (SKILL.md).
  • Boundary markers: None explicitly defined in the prompt templates.
  • Capability inventory: Shell command execution and network access via the membrane CLI are available to the agent (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of the ingested real-time data is implemented in the provided instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 03:20 AM