the-graph
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
@membranehq/clipackage via npm. This tool is part of the vendor's infrastructure and is used for interacting with the Membrane platform. - [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands using the
membraneCLI to authenticate, create connections, and run data-retrieval actions. - [PROMPT_INJECTION]: The skill processes external data queried from The Graph subgraphs. This creates a surface for indirect prompt injection if retrieved data contains malicious instructions. However, the skill provides a managed integration through the Membrane platform, which is designed to handle such data interactions safely.
Audit Metadata