advantage-csp
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the @membranehq/cli package globally via npm. This is a legitimate tool provided by the vendor for interacting with their platform.- [COMMAND_EXECUTION]: The skill executes various membrane CLI commands to manage connections and perform actions on Advantage CSP. These operations are restricted to the functionality of the CLI tool and do not involve arbitrary shell command execution.- [PROMPT_INJECTION]: As the skill retrieves data from Advantage CSP, it possesses an indirect prompt injection surface.
- Ingestion points: Data retrieved via membrane action run and membrane request from the Advantage CSP API.
- Boundary markers: None identified in the provided documentation.
- Capability inventory: The skill can execute actions and send HTTP requests through the membrane CLI.
- Sanitization: No explicit sanitization of the external data is described in the integration logic.
Audit Metadata