uscreen
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally using npm. This package is an official tool provided by the vendor (membranedev) to facilitate integration with the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes several shell commands via the 'membrane' CLI to handle authentication ('membrane login'), connection management ('membrane connect'), and action execution ('membrane action run'). These operations are consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the agent processes output from CLI commands that may include content from the external Uscreen service.
- Ingestion points: Output from 'membrane action list' and 'membrane action get' (SKILL.md).
- Boundary markers: None are defined in the instructions to separate agent logic from CLI-retrieved data.
- Capability inventory: Shell command execution via the 'membrane' CLI, including action creation and execution.
- Sanitization: No explicit content filtering or escaping is specified for the data returned by the CLI.
- [SAFE]: The resources, including the npm package and the CLI tool, are owned by the skill's vendor (membranedev). The behavior is transparent and matches the described functionality of a platform integration tool.
Audit Metadata