accelo
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill integrates with Accelo to retrieve and manage data like Jobs, Issues, and Tasks. This data ingestion path presents a potential surface for indirect prompt injection if malicious instructions are embedded within the external Accelo data. * Ingestion points: External data enters the context through
membrane action runandmembrane requestoutputs in SKILL.md. * Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded content. * Capability inventory: The skill utilizes themembraneCLI for subprocess execution and network requests. * Sanitization: No explicit validation or escaping of the retrieved Accelo data is documented. - [EXTERNAL_DOWNLOADS]: Provides instructions to install the
@membranehq/clitool from the NPM registry. This is an expected dependency provided by the skill vendor for platform interaction.
Audit Metadata