seven
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the NPM registry. This is a vendor-owned resource used for authentication and interaction with the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands to manage the integration via the Membrane CLI, including `membrane login`, `membrane action list`, and `membrane action run`. These are used to execute platform-managed tasks and handle authentication.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where the agent processes data from external tool outputs.
  - Ingestion points: JSON output from `membrane action list` and `membrane action run` commands is ingested into the agent context.
  - Boundary markers: No specific delimiters or instructions to ignore embedded content within the tool output are provided.
  - Capability inventory: The agent has the capability to execute further actions via `membrane action run` based on the ingested data.
  - Sanitization: There is no evidence of explicit validation or sanitization of the structured data returned by the CLI before it is processed.
- [SAFE]: The documentation URL provided (https://www.7-pdf.de/support/online-help/7-pdf-website-converter) is inconsistent with the described purpose of the "Seven" habit tracker. While this is misleading metadata, it appears to be a documentation error rather than a malicious redirection.
Audit Metadata