trestle

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the vendor-specific CLI tool from the public NPM registry using npm install and npx commands targeting @membranehq/cli.
  • [COMMAND_EXECUTION]: The skill relies on executing shell commands via the membrane CLI to perform login, connection management, and data operations.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external Trestle instances which creates a potential surface for indirect prompt injection.
      1. Ingestion points: Data retrieved via the membrane action run command.
      2. Boundary markers: No explicit delimiters or ignore-instructions markers are present in the provided skill text.
      3. Capability inventory: The skill can execute actions (membrane action run) and create new actions (membrane action create) on the platform.
      4. Sanitization: There is no evidence of sanitization or filtering of data retrieved from the Trestle API.
  • [DYNAMIC_EXECUTION]: The skill uses the membrane action create command to generate new platform logic based on natural language descriptions, which is a form of dynamic logic generation hosted on the vendor platform.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 11:20 AM