superoffice
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm to function. This is a standard dependency for the Membrane platform and matches the vendor's own infrastructure. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations such as logging in, creating connections, and running actions. These commands are necessary for the integration's functionality and are performed through a managed CLI tool. - [SAFE]: No malicious patterns, obfuscation, or hardcoded credentials were detected. Authentication is managed securely through the Membrane platform, avoiding the exposure of sensitive tokens in the skill instructions.
- [SAFE]: Analysis of the indirect prompt injection surface identifies that while the skill ingests data from SuperOffice (SKILL.md), there are no signs of malicious exploitation. Ingestion points: Data entering the agent's context through the output of 'membrane action run' commands. Boundary markers: None identified in the provided instructions. Capability inventory: The skill allows for CLI command execution and the creation of new integration actions. Sanitization: No specific sanitization or filtering logic is provided for the data retrieved from SuperOffice.
Audit Metadata