Skills
skills/membranedev/application-skills/slash-graphql/Gen Agent Trust Hub

slash-graphql

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes membrane CLI commands to manage authentication, list connections, and run GraphQL actions.
  • [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the official NPM registry to provide the necessary integration tools.
  • [REMOTE_CODE_EXECUTION]: Utilizes the Membrane platform's ability to dynamically create and run integration actions based on descriptions, which is a core feature of the service.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified:
  • Ingestion points: Data returned from Slash GraphQL via membrane action run commands.
  • Boundary markers: Absent in the prompt templates.
  • Capability inventory: Access to execute shell commands via the CLI and run dynamically created actions.
  • Sanitization: No explicit sanitization or filtering of external API responses is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 06:48 PM