section
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data access was detected. The skill is consistent with its stated purpose of managing Section data.
- [EXTERNAL_DOWNLOADS]: The skill references official vendor resources, including the installation of '@membranehq/cli' from the npm registry and links to the 'membranedev' GitHub repository. These are recognized as legitimate resources provided by the skill's author.
- [COMMAND_EXECUTION]: Shell commands are utilized exclusively to interact with the Membrane CLI for authorized operations such as authentication, action discovery, and workflow execution.
- [PROMPT_INJECTION]: The skill includes instructions that interpolate user-supplied data into CLI commands, which presents a surface for indirect prompt injection.
  - Ingestion points: The '--intent' argument in action search, the 'DESCRIPTION' argument in action creation, and the '--input' JSON string in action execution.
  - Boundary markers: No specific delimiters or safety instructions are included to isolate user-provided data within the command templates.
  - Capability inventory: The skill utilizes the 'membrane' CLI to perform network operations and execute pre-defined actions.
  - Sanitization: There are no explicit instructions for the agent to sanitize or validate external content before processing it via the CLI.
Audit Metadata