sitespeakai

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to install the @membranehq/cli package globally via npm. This is a standard dependency for the tool's core functionality.
  • [COMMAND_EXECUTION]: Uses shell commands through the membrane CLI tool to perform various tasks, including authentication (membrane login), connection management (membrane connect), and action execution (membrane action run).
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by passing user-defined natural language intents and JSON input directly to CLI commands.
      • Ingestion points: User-provided values for the --intent and --input flags in SKILL.md.
      • Boundary markers: Not present; user input is interpolated directly into command arguments.
      • Capability inventory: Execution of pre-defined or dynamically generated actions via the Membrane platform's CLI.
      • Sanitization: No explicit sanitization or validation steps are described for the external content before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:20 AM