wrk

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli package from the official NPM registry. This is a vendor-managed tool for interacting with the Membrane platform and is considered a trusted resource from the skill author.
  • [COMMAND_EXECUTION]: Executes shell commands via the membrane CLI for authentication, connection management, and task execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because user-provided input is interpolated directly into CLI command arguments without sanitization or boundary markers.
      • Ingestion points: User-provided queries passed to the --intent flag and parameter values in the --input flag within the CLI commands.
      • Boundary markers: Absent; user input is placed directly within the command strings.
      • Capability inventory: The agent can execute shell commands through the CLI (membrane action run, membrane action list).
      • Sanitization: No validation or escaping is performed on user data before it is passed to the shell.
  • [METADATA_POISONING]: The skill's documentation contains a misleading 'Official docs' link (https://github.com/wg/wrk) that points to an HTTP benchmarking repository, which is unrelated to the workforce platform described in the skill's metadata.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 11:51 PM