token
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the `membrane` CLI to manage connections, discover available actions, and execute platform workflows.
- [EXTERNAL_DOWNLOADS]: Installs and utilizes the `@membranehq/cli` package from the npm registry. This is the official tool provided by the platform for managing integrations.
- [PROMPT_INJECTION]: The skill incorporates natural language strings, such as search queries and action descriptions, directly into CLI command arguments. This creates a surface for indirect prompt injection if the inputs are derived from untrusted external data.
  - Ingestion points: Inputs for the `--intent` parameter in `membrane action list` and the description field in `membrane action create` (found in SKILL.md).
  - Boundary markers: No delimiters or instructions are used to distinguish untrusted data from the command context.
  - Capability inventory: The skill can execute arbitrary actions on the Membrane platform and perform network operations via the CLI.
  - Sanitization: There is no evidence of input validation or escaping for the natural language parameters passed to the shell.
Audit Metadata