resurface
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from npm. This is an official vendor tool provided by Membrane for managing integrations and authentication. - [COMMAND_EXECUTION]: It utilizes various
membraneCLI commands for authentication, service discovery, and API interaction. These commands are fundamental to the skill's functionality and allow the agent to manage its environment. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted data through command-line flags like
--inputand--datainSKILL.md. No boundary markers or sanitization processes are defined. The capability inventory includes the ability to run predefined actions or send proxy requests to the Resurface API as documented inSKILL.md. - [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly instructing the agent not to handle raw credentials or API keys, instead utilizing Membrane's built-in connection system for secure authentication.
Audit Metadata