resource-guru
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the official npm registry. This is a well-known service and the package is the official tool provided by the vendor (membrane) for interacting with their platform. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to manage connections and execute actions. These commands are standard for the tool's operation and are used to facilitate communication between the agent and the Resource Guru API. - [PROMPT_INJECTION]: The skill processes external data retrieved from Resource Guru (e.g., project and client data). While this creates a surface for indirect prompt injection, it is a standard behavior for integration skills. The use of the Membrane platform as a middle layer provides a structured interface for these interactions. Ingestion points include action outputs described in SKILL.md, and while specific boundary markers are not defined in the instructions, the skill leverages the platform's managed execution environment.
Audit Metadata