workiom
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the global installation of the
@membranehq/clipackage from the npm registry to enable interaction with the Membrane platform. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line tool to perform various operations, including authentication, connection management, and running workspace actions. - [DYNAMIC_EXECUTION]: Features a
membrane action createcapability which allows for the dynamic generation of new actions on the Membrane platform based on natural language descriptions provided by the user. - [DATA_EXFILTRATION]: Accesses and manages records within Workiom workspaces. This data flow is central to the skill's purpose and is managed through authenticated connections to the vendor's infrastructure.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external Workiom records which may contain untrusted content.
- Ingestion points: Data retrieved via
membrane action runand search results (SKILL.md). - Boundary markers: None specified in the instructions.
- Capability inventory: File system access via CLI, network operations through the platform, and action creation capabilities.
- Sanitization: Instructions do not explicitly define sanitization or validation steps for ingested data.
Audit Metadata