aha
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `membrane` CLI for operations including login, connection setup, and action execution. These commands are integral to the skill's purpose and use the vendor's specialized tooling.
- [EXTERNAL_DOWNLOADS]: The instructions guide users to install the `@membranehq/cli` package globally via npm. This package is hosted on the public npm registry and is the official tool for the Membrane platform.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by using natural language strings for action discovery and creation without explicit boundary markers or sanitization within the command structure.
  - Ingestion points: Natural language input used in CLI arguments like `--intent` and `--description`.
  - Boundary markers: Not present in the provided command templates.
  - Capability inventory: The skill is capable of running logic against a connected service and creating new actions dynamically.
  - Sanitization: No input validation or filtering is defined in the skill's instructions.
Audit Metadata