workiz
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI package (@membranehq/cli) from the npm registry. This is a verified resource provided by the author to facilitate platform interaction.
- [COMMAND_EXECUTION]: The skill uses the 'membrane' command-line interface to perform legitimate tasks such as authentication, connection management, and executing Workiz actions.
- [DATA_EXFILTRATION]: The skill is designed to prevent data exposure by using the Membrane platform to manage authentication tokens server-side, ensuring that sensitive API keys are never stored or handled locally by the agent or user.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes data returned from external Workiz actions.
- Ingestion points: Untrusted data from Workiz enters the agent's context through the output of 'membrane action run'.
- Boundary markers: The provided instructions do not specify explicit delimiters or boundary markers for the output data.
- Capability inventory: The skill possesses the ability to execute shell commands (via the 'membrane' CLI) and interact with external APIs through the Membrane service.
- Sanitization: There is no evidence of explicit sanitization or filtering of the external content before it is processed by the agent.
Audit Metadata