Skills
skills/membranedev/application-skills/storyscale/Gen Agent Trust Hub

storyscale

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the NPM registry. This is a vendor-provided tool required for the skill's primary function of interacting with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with the membrane CLI for authentication, connection management, and running actions.
  • [PROMPT_INJECTION]: Surface for indirect prompt injection is identified as the skill processes external data.
  • Ingestion points: External data enters the agent context through the output of membrane action list and membrane action run commands in SKILL.md.
  • Boundary markers: The instructions do not specify explicit boundary markers or delimiters to isolate data returned from StoryScale actions.
  • Capability inventory: The skill possesses the capability to execute shell commands and manage remote connections via the CLI as described in SKILL.md.
  • Sanitization: No specific sanitization or validation steps for external action outputs are defined within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 11:05 AM