scaledrone
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of the '@membranehq/cli' utility from the NPM registry. This package is an official tool from the skill's vendor used to manage integrations.
- [COMMAND_EXECUTION]: The skill utilizes shell commands via the 'membrane' CLI to handle authentication, connection setup, and action execution. These commands facilitate the primary functionality of the skill within the vendor's ecosystem.
- [PROMPT_INJECTION]: The skill processes messaging data from Scaledrone, which presents a surface for indirect prompt injection.
- Ingestion points: Data and message payloads retrieved using 'membrane action run' and connection metadata from 'membrane action list'.
- Boundary markers: There are no specific delimiters or instructions provided to the agent to isolate external data from its own instructions.
- Capability inventory: The skill provides the ability to list, search, and run actions via the CLI, which can include both read and write operations on the Scaledrone platform.
- Sanitization: No explicit mechanisms for validating or sanitizing the content of the messaging data are described in the instructions.
Audit Metadata