smaily
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via npm. As this tool is provided by the skill's author (membrane) to facilitate platform access, this is a standard operational dependency. - [COMMAND_EXECUTION]: The skill executes multiple shell commands using the
membraneCLI to manage connections, discover actions, and run integration logic. This includes commands likemembrane login,membrane connection list, andmembrane action run. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external data from the Smaily platform.
- Ingestion points: Data retrieved through the output of
membrane action run(e.g., email campaign content, contact lists) is fed back into the agent context. - Boundary markers: No specific delimiters or warnings to ignore instructions within the retrieved data are defined in the instructions.
- Capability inventory: The agent has the ability to execute shell commands via the Membrane CLI, write to the filesystem, and perform network requests.
- Sanitization: There is no explicit sanitization or validation logic provided for the data returned from the API calls.
Audit Metadata