usercom
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool using the command
npm install -g @membranehq/cli@latestfrom the official npm registry. This is standard installation procedure for the vendor's own tooling. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI for managing platform authentication (membrane login), creating connections (membrane connect), and discovering or executing actions (membrane action). These operations are scoped to the Membrane service environment. - [DATA_EXPOSURE_AND_EXFILTRATION]: Explicitly recommends against manual API key handling, instead using Membrane's server-side connection management to ensure credentials are never stored locally or handled by the agent directly.
- [INDIRECT_PROMPT_INJECTION]: The skill uses natural language descriptions to search for or dynamically generate new actions via the
membrane action listandmembrane action createcommands. While this introduces a surface for indirect instructions, the logic is processed through the Membrane platform's structured action system.
Audit Metadata