reflect
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage from the NPM registry and also usesnpxto run commands. These resources originate from the vendor and are necessary for the skill's intended operation.\n- [COMMAND_EXECUTION]: Multiple shell commands using themembraneCLI are documented, includinglogin,connect, andaction run. These commands are standard for the Membrane platform and are used to manage connections and execute actions within the authorized environment.\n- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes data from external Reflect notes.\n - Ingestion points: Note content and titles are retrieved from Reflect via the
membrane action runcommand.\n - Boundary markers: There are no specific instructions or delimiters provided to the agent to distinguish between instructions and data retrieved from notes.\n
- Capability inventory: The agent has the ability to run existing actions and create new actions (
membrane action create), which could involve network or data operations.\n - Sanitization: No explicit sanitization or validation of the note content is described before the data is processed by the agent.
Audit Metadata