sonatype

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for logging in, managing connections, and executing actions related to Sonatype data. This approach is the standard, secure method for interacting with the Membrane ecosystem.
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from npm, which is the official client for the platform.
  • [PROMPT_INJECTION]: The skill ingests natural language for searching and defining actions, creating a surface for potential indirect instructions within the CLI parameters.
    • Ingestion points: The intent and description parameters in the CLI commands within SKILL.md.
    • Boundary markers: No explicit delimiters are used around the interpolated strings.
    • Capability inventory: Shell execution of the membrane utility and dynamic generation of action logic.
    • Sanitization: Input strings are passed directly to the CLI without specified sanitization steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:12 PM