winston-ai

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via the NPM registry. This is a vendor-owned package used to interact with the Membrane platform.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the membrane CLI for operations such as authentication, listing connections, and running actions. These commands are executed locally but interact with the vendor's cloud service.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by interpolating user-provided query strings into CLI command flags.
      • Ingestion points: User-provided intent queries passed to the --intent flag of the membrane action list command in SKILL.md.
      • Boundary markers: No explicit delimiters or boundary markers are used to encapsulate the user-supplied query.
      • Capability inventory: The skill has the ability to execute shell commands and perform authenticated network requests via the CLI.
      • Sanitization: There is no evidence of sanitization or escaping of user input before it is passed to the command-line interface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 11:05 AM