push-by-techulus
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI tool from the public npm registry (
@membranehq/cli). This is a documented dependency provided by the skill's author to facilitate the integration. - [COMMAND_EXECUTION]: The instructions utilize the
membranecommand-line interface to manage authentication, establish connections to the service, and execute API actions. These operations are restricted to the functional scope of the integration. - [DATA_EXFILTRATION]: The skill possesses an attack surface for indirect prompt injection as it ingests data from external Push by Techulus endpoints.
- Ingestion points: Data is retrieved via
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: The agent can execute shell commands via the Membrane CLI and perform network operations through the proxy (SKILL.md).
- Sanitization: No explicit sanitization of the retrieved notification data is mentioned.
Audit Metadata