Skills
skills/membranedev/application-skills/schoology/Gen Agent Trust Hub

schoology

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the NPM registry. This is a legitimate tool provided by the vendor (membranedev/membranehq) to support the skill's functionality.
  • [COMMAND_EXECUTION]: The instructions involve executing various membrane CLI commands, such as login, connect, and action run. These commands are used to manage authentication and interact with the Schoology API via the Membrane platform.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from Schoology (an external LMS). 1. Ingestion points: Data retrieved through membrane action list and membrane action run. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided. 3. Capability inventory: The agent can execute shell commands via the Membrane CLI. 4. Sanitization: No sanitization or validation of the retrieved LMS data is documented in the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 08:19 PM
Security Audit — agent-trust-hub — schoology