ravelin
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the official NPM registry. This is the vendor's own tool, used to facilitate interactions with the Ravelin integration and the broader platform.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands to invoke the Membrane CLI for tasks such as authentication, searching for available actions, and executing data operations. These operations are restricted to the functionality provided by the CLI.
- [DATA_EXFILTRATION]: Authentication is performed via a managed browser-based flow. This design pattern ensures that sensitive Ravelin credentials (such as API keys and tokens) are handled exclusively by the vendor's server-side infrastructure and are never directly accessible to or stored by the agent.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its ability to ingest and process data from external Ravelin actions.
  - Ingestion points: Data returned from the execution of actions via the `membrane action run` command.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill's logic for processing action outputs.
  - Capability inventory: The skill allows the agent to create and run arbitrary Ravelin API actions through the Membrane CLI, providing significant operational capability.
  - Sanitization: Content is retrieved as structured data through the vendor's API gateway.
Audit Metadata