wire2air
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the
@membranehq/clipackage from the NPM registry. This is a global installation of the official command-line interface provided by the skill's authoring organization. - [COMMAND_EXECUTION]: The instructions rely on multiple shell commands using the
membraneCLI to handle authentication (membrane login), connection management (membrane connect), and service interaction. - [REMOTE_CODE_EXECUTION]: The skill uses the
membrane action createcommand, which utilizes the vendor's platform to dynamically generate and execute logic based on natural language descriptions provided by the agent. This represents a managed form of dynamic code generation. - [PROMPT_INJECTION]: The skill ingests data from external Wire2Air actions, creating an indirect prompt injection surface where external content could potentially influence the agent's behavior.
- Ingestion points: Data returned from the
membrane action runcommand inSKILL.md. - Boundary markers: Absent; there are no specific instructions or delimiters provided to help the agent distinguish between trusted instructions and untrusted data from action outputs.
- Capability inventory: The agent has access to the
membraneCLI, which allows for listing, creating, and executing arbitrary actions on the connected platform. - Sanitization: None observed; the skill instructions direct the agent to process the JSON output of the actions directly.
Audit Metadata