1s2u
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform operations such as user authentication (membrane login), connection setup (membrane connect), and executing API actions (membrane action run). These commands are standard for the skill's intended functionality. - [EXTERNAL_DOWNLOADS]: The instructions require the installation of the
@membranehq/cliglobal package via npm. This package is a legitimate resource owned by the vendor (Membrane). - [PROMPT_INJECTION]: The skill processes external data from the 1S2U API (such as SMS messages or lookup results), which introduces a surface for indirect prompt injection if the fetched content contains malicious instructions intended to influence the agent's behavior.
- Ingestion points: Data returned from
membrane action runandmembrane requestcommands. - Boundary markers: None explicitly defined in the instruction set; the agent relies on the underlying platform's handling of CLI output.
- Capability inventory: The skill can execute shell commands via the CLI and perform network requests through the Membrane proxy.
- Sanitization: No explicit sanitization or filtering of API responses is described within the skill instructions.
Audit Metadata