reward-gateway
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the `membrane` CLI tool for operations such as connection management, action discovery, and running API requests.
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the `@membranehq/cli` npm package, which is a verified resource provided by the author.
- [REMOTE_CODE_EXECUTION]: The skill suggests using `npx @membranehq/cli@latest`, which dynamically downloads and executes the vendor's CLI tool from the npm registry.
- [PROMPT_INJECTION]: The skill processes potentially untrusted content from Reward Gateway (e.g., employee comments, announcements, and articles), which introduces a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through the output of `membrane action run` and `membrane request` commands.
- Boundary markers: There are no explicit boundary markers or instructions to treat external data as untrusted in the skill's logic.
- Capability inventory: The skill has the capability to execute CLI commands and interact with external systems through the Membrane proxy.
- Sanitization: The skill does not provide mechanisms for sanitizing or validating API responses before they are processed by the agent.
Audit Metadata