trio
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@membranehq/cli` package from the public npm registry. This tool is the official command-line interface for the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands via the Membrane CLI to perform authentication (membrane login), search for actions, and execute integration logic with the Trio service.
- [PROMPT_INJECTION]: The skill processes external data from the Trio platform (such as meeting notes and contacts) and translates natural language intents into executable actions, which presents an attack surface for indirect prompt injection.
  - Ingestion points: Data entering the agent context via Trio records (notes, contacts) and natural language intent strings used to search or create actions.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation templates.
  - Capability inventory: The skill possesses the ability to create and execute actions on the external Trio platform via the `membrane action create` and `run` commands.
  - Sanitization: No explicit sanitization or filtering of external content is documented before it is processed by the agent or the CLI.
Audit Metadata