release

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official npm registry. This is a vendor-owned CLI tool required for the skill to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI for operational tasks including authentication (membrane login), connection management (membrane connect), and running actions (membrane action run). These commands facilitate interaction between the local environment and the Membrane platform infrastructure.
  • [DATA_EXFILTRATION]: The skill follows secure practices by delegating authentication and credential management to the Membrane platform. No local sensitive files (e.g., SSH keys, AWS credentials) are accessed or transmitted.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface, since it processes user-supplied intents to search for or create actions (e.g., membrane action list --intent "QUERY"). While this ingestion point exists, it is a core feature of the platform's natural-language action discovery system.
  • Ingestion points: User-provided strings for action intents and descriptions in SKILL.md.
  • Boundary markers: None explicitly defined in the provided CLI examples.
  • Capability inventory: The CLI can perform network operations and execute pre-defined or dynamically generated actions on the Membrane platform.
  • Sanitization: Not explicitly documented within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 09:30 PM
Security Audit — agent-trust-hub — release