slope
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official npm registry. This tool is the vendor's own command-line interface for the Membrane platform.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to interact with Slope data. This includes running pre-built actions and dynamically generating new actions based on natural language descriptions via the membrane action create command.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its interaction with external Slope data and the generation of logic from user-provided intents.
  1. Ingestion points: Data enters the agent's context through the output of CLI commands like membrane action run and membrane action list.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the skill body.
  3. Capability inventory: The agent can execute CLI commands, manage connections, and create new actions on the server side.
  4. Sanitization: The skill does not specify any validation or sanitization steps for content retrieved from external Slope API calls before it is processed.