riskadvisor

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package via NPM, which is the official command-line utility for the Membrane platform.
  • [COMMAND_EXECUTION]: Uses the membrane CLI to perform login, establish connections, and run actions, including the capability to dynamically create new actions based on user descriptions via membrane action create.
  • [REMOTE_CODE_EXECUTION]: Executes logic on the Membrane platform through the action run and action create commands, which is the core functionality of the vendor's integration ecosystem.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from RiskAdvisor via membrane action run. Boundary markers and sanitization steps are not explicitly defined in the instructions, and the skill has the capability to execute or create actions on the platform based on this data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:59 AM