uniify
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official @membranehq/cli tool from the npm registry. This is the vendor-provided utility for integration management.
- [COMMAND_EXECUTION]: Uses shell commands to interact with the Membrane platform for authentication, connectivity, and data retrieval.
- [PROMPT_INJECTION]: Processes external data from Uniify messaging and documents (ingestion point: action output in SKILL.md). While this represents a surface for indirect prompt injection due to the lack of explicit boundary markers or sanitization logic, the risk is inherent to the primary function of a communication tool. The skill is otherwise well-configured and secure.
Audit Metadata