rainforest-qa
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is an official command-line tool provided by the vendor for interacting with their platform. - [COMMAND_EXECUTION]: The skill operates by executing shell commands via the
membraneCLI to manage connections, search for actions, and execute tests. - [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection (Category 8) when handling user-supplied input.
- Ingestion points: Untrusted data enters the agent context through the
--intentand--inputparameters described inSKILL.md. - Boundary markers: None. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the user-provided intent or JSON data.
- Capability inventory: The skill has the capability to run shell commands (
membrane action run) and create new executable logic (membrane action create) as documented inSKILL.md. - Sanitization: There is no mention of sanitizing, escaping, or validating the user-provided strings before they are interpolated into the shell command strings.
Audit Metadata