uploadcare

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally via npm. This is the official CLI tool provided by the vendor for interacting with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill uses local shell commands (membrane login, membrane action run, etc.) to perform authentication and execute operations against the Uploadcare API. These executions are standard for the skill's intended purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from Uploadcare actions via membrane action run. While boundary markers and explicit sanitization are absent in the instructions, the skill does not possess high-risk capabilities like arbitrary shell execution or direct file-system writes that would facilitate a critical exploit.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:38 PM