Skills
skills/membranedev/application-skills/sheety/Gen Agent Trust Hub

sheety

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package via npm. This is a vendor-official tool provided by Membrane for integration purposes.\n- [COMMAND_EXECUTION]: The skill uses the membrane CLI for operations like login, connect, and action run. These commands are standard for the skill's functionality.\n- [SAFE]: The skill uses platform-managed authentication, which avoids the need for users to provide or store raw API keys locally.\n- [PROMPT_INJECTION]: The skill processes data from Sheety spreadsheets, creating a surface for indirect prompt injection.\n
  • Ingestion points: Data returned from Sheety via membrane action run in SKILL.md.\n
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are provided.\n
  • Capability inventory: The skill can read, search, and run actions (including write operations) on spreadsheet data.\n
  • Sanitization: No explicit sanitization or validation of spreadsheet content is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:49 PM
Security Audit — agent-trust-hub — sheety