yonder

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package via npm. This is a vendor-provided tool required for the skill to communicate with the Membrane platform and Yonder API.
  • [COMMAND_EXECUTION]: The skill relies on executing membrane CLI commands to manage authentication, connections, and action execution. This is the primary mechanism for the skill's functionality.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes external data.
      • Ingestion points: The skill ingests data from Yonder documents, collections, and action outputs via membrane action run and membrane action list (SKILL.md).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its instructions and potentially malicious content embedded within the Yonder data it retrieves.
      • Capability inventory: The skill possesses the ability to execute shell commands (via the CLI), run existing actions, and dynamically create new actions based on descriptions (membrane action create), which provides a pathway for ingested instructions to influence system state.
      • Sanitization: The instructions do not define any sanitization, filtering, or validation steps for data retrieved from external Yonder sources before processing.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 1, 2026, 04:37 PM
Security Audit — agent-trust-hub — yonder