1kosmos-blockid
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package via npm. This is a legitimate vendor tool provided by Membrane for platform integration.
- [COMMAND_EXECUTION]: The skill executes membrane CLI commands to perform actions, search for data, and manage connections with 1Kosmos BlockID.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes records, logs, and reports from the 1Kosmos BlockID API. Ingestion points: Output from membrane action run and membrane request. Boundary markers: None. Capability inventory: membrane CLI commands. Sanitization: None detected.
Audit Metadata