whitehat-security

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official @membranehq/cli from the NPM registry to enable platform integration.
  • [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI to manage authentication, connection states, and security workflows.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external action outputs and user-supplied intents.
  • Ingestion points: Untrusted data from external security scans enters the context via membrane action run outputs in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded directives are used in the provided templates.
  • Capability inventory: The agent can invoke various security operations and manage system connections via the membrane CLI in SKILL.md.
  • Sanitization: No sanitization of output from the security platform is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 10:53 PM
Security Audit — agent-trust-hub — whitehat-security