you-can-book-me

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the @membranehq/cli tool to perform operations such as authentication, connection management, and action execution. Commands like membrane login, membrane connect, and membrane action run are core to the skill's operation.
  • [EXTERNAL_DOWNLOADS]: Instructions include downloading and installing the @membranehq/cli package from the official NPM registry.
  • [REMOTE_CODE_EXECUTION]: The skill provides mechanisms to dynamically generate and execute code through the membrane action create and membrane action run commands. These actions are built from natural language descriptions and run on the Membrane platform, which is the intended behavior for this integration platform.
  • [DATA_EXFILTRATION]: The skill possesses an indirect prompt injection surface (Category 8) due to its interaction with untrusted external data from the You Can Book Me service.
      • Ingestion points: Data enters the agent context via booking pages, booking forms, and custom fields processed during action execution.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt templates.
      • Capability inventory: The skill has the ability to run arbitrary actions (membrane action run) and create new ones (membrane action create) based on processed data.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from the external service before it is used to influence further agent actions.

Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 06:50 PM