Skills
skills/membranedev/application-skills/whoson/Gen Agent Trust Hub

whoson

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI for managing service connections and running actions. These commands are standard for the Membrane ecosystem and necessary for the skill's functionality.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from npm. This is an official vendor tool and is considered a safe dependency.
  • [REMOTE_CODE_EXECUTION]: Logic is executed on the Membrane platform via membrane action run. The skill also allows creating actions dynamically using membrane action create, which generates code based on user descriptions.
  • [PROMPT_INJECTION]: The skill processes untrusted data from WhosOn chat transcripts, which presents a surface for indirect prompt injection.
  • Ingestion points: WhosOn chat transcripts and behavioral data entry points in SKILL.md.
  • Boundary markers: No markers or instructions to ignore embedded commands are present in the skill text.
  • Capability inventory: Access to the membrane CLI and the ability to run or create actions.
  • Sanitization: No data sanitization or validation logic is specified in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 07:39 PM
Security Audit — agent-trust-hub — whoson