survicate
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download the official CLI tool from the npm registry using
npm install -g @membranehq/cli@latest. - [COMMAND_EXECUTION]: The integration relies on the
membraneCLI to perform all operations, including authentication (membrane login), connection management (membrane connect), and data manipulation (membrane action run). These are standard operational commands for the platform. - [SAFE]: Authentication is handled through a secure browser-based flow or a headless authorization URL, delegating secret management to the Membrane platform and avoiding the use of hardcoded credentials or local environment variables for secrets.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from the Survicate API.
- Ingestion points: Data retrieved and displayed via
membrane action listandmembrane action run. - Boundary markers: Absent; instructions do not specify delimiters for external data.
- Capability inventory: The skill can execute actions that modify external data (
membrane action run) and create new integration logic (membrane action create). - Sanitization: No explicit sanitization of external data is performed before it is presented to the agent.
Audit Metadata