vext
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the @membranehq/cli package from the NPM registry. This package is the official command-line tool for the Membrane platform.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform operations such as login, connection management, and action execution. These commands are run in the local shell environment.
- [REMOTE_CODE_EXECUTION]: Provides functionality to dynamically generate new actions on the Membrane platform via membrane action create. This results in the server-side creation and subsequent execution of code.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Demonstrates good security posture by explicitly advising against requesting or storing raw API keys, instead utilizing the platform's connection management to handle the authentication lifecycle securely.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data via the membrane action run command, which presents an attack surface for indirect prompt injection.
- Ingestion points: Data enters the system via the --input parameter of the membrane action run command in SKILL.md.
- Boundary markers: The instructions do not define boundary markers or delimiters for untrusted data.
- Capability inventory: The skill can execute various platform actions and shell commands defined in SKILL.md.
- Sanitization: No input validation or sanitization mechanisms are implemented for the data passed to the CLI tools.
Audit Metadata