senta

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from the public npm registry. This is a legitimate utility provided by the vendor for managing integrations.
  • [COMMAND_EXECUTION]: The skill utilizes the 'membrane' CLI to perform operations such as authentication, service connection, and action execution. These commands are executed in the local environment to facilitate interaction with the Membrane platform.
  • [PROMPT_INJECTION]: The skill contains ingestion surfaces where untrusted or user-supplied data, such as action intents and descriptions, are interpolated into shell commands. Specifically:
    • Ingestion points: The '--intent', 'DESCRIPTION', and '' parameters in shell commands.
    • Boundary markers: No explicit delimiters or instructions are provided to the agent to sanitize or ignore embedded control characters in these inputs.
    • Capability inventory: The skill performs subprocess calls via the CLI to run, create, and list actions.
    • Sanitization: No evidence of input validation or escaping is present in the instructions.
  • [PROMPT_INJECTION]: The skill includes a link to an external repository ('github.com/baidu/Senta') labeled as official documentation. This repository appears to be for a different project (sentiment analysis) than the legal CRM described in the skill, which may cause confusion or influence the agent's behavior through incorrect context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:38 PM