whistic
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the `@membranehq/cli` package via npm. This is a legitimate vendor tool from the skill's author used for platform integration.
- [COMMAND_EXECUTION]: The integration relies on the `membrane` command-line tool to perform actions like tenant login and API request proxying, which are standard for this service.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external data from the Whistic API. (1) Ingestion points: Output from Whistic actions and requests. (2) Boundary markers: Absent. (3) Capability inventory: CLI command execution via the `membrane` tool. (4) Sanitization: No explicit validation or filtering of API data is documented.
Audit Metadata