uservoice
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package from the official NPM registry. This is a vendor-owned package used to manage the integration.
- [COMMAND_EXECUTION]: The skill uses shell commands via the `membrane` CLI to authenticate, manage connections, and execute actions. These commands are part of the intended functionality for interacting with the Membrane platform.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it retrieves and processes user-generated content (suggestions and comments) from UserVoice.
  - Ingestion points: Data returned from `membrane action run` when fetching suggestions, comments, or articles.
  - Boundary markers: The instructions do not currently specify delimiters or warnings for the agent when processing this external data.
  - Capability inventory: The agent can create and execute actions within the UserVoice environment using the `membrane` CLI.
  - Sanitization: There is no mention of sanitizing or validating the content retrieved from UserVoice before it is processed by the agent.
Audit Metadata