shortcut
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the `@membranehq/cli` package from the public NPM registry. This is the official command-line interface for the Membrane platform, provided by the skill author.
- [COMMAND_EXECUTION]: The skill uses the `membrane` CLI to perform operations such as authentication, connection management, and running Shortcut-specific actions. These commands are the intended and documented way to interact with the platform.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it retrieves and processes data from external Shortcut records (such as stories, epics, and comments) through the output of the `membrane action run` command.
  - Ingestion points: External data enters the agent's context through the output of CLI actions executed in the terminal, as described in `SKILL.md`.
  - Boundary markers: The instructions do not currently include explicit delimiters or warnings for the agent to disregard instructions that might be embedded within the retrieved Shortcut data.
  - Capability inventory: The agent has the capability to execute shell commands via the `membrane` CLI, which could be targeted by malicious content in ingested data.
  - Sanitization: There is no explicit sanitization or filtering of the content returned from the Shortcut API before it is processed by the agent.
Audit Metadata