Skills
skills/membranehq/agent-skills/integrate-anything/Gen Agent Trust Hub

integrate-anything

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the @membranehq/cli package from the public NPM registry using npx. This is the official tool provided by the skill author to facilitate the integration.
  • [COMMAND_EXECUTION]: Shell commands are used extensively to interact with the Membrane platform, including logging in, managing connections, and executing actions on external APIs.
  • [DATA_EXFILTRATION]: The skill transmits connection parameters, action inputs (such as message text or task details), and authentication tokens to https://api.getmembrane.com. This is the documented and intended operational flow for the Membrane service.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes data from external, untrusted sources such as Slack messages or Jira tickets.
  • Ingestion points: Data enters the agent's context through the output of npx @membranehq/cli action run (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are used to separate external data from the agent's core instructions.
  • Capability inventory: The agent can execute shell commands via npx and make network requests to the Membrane API (SKILL.md).
  • Sanitization: The instructions do not describe any mechanisms for validating or escaping content retrieved from external apps before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 07:53 PM