aha
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the membrane CLI for various operations including searching, connecting, and running actions. These operations involve shell command execution to interact with the Membrane platform and Aha! API.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the @membranehq/cli package via npm. This is a vendor-owned resource from the skill author used for authentication and API communication.
- [PROMPT_INJECTION]: The skill processes external data from Aha! (such as features, ideas, and records), which introduces a risk of indirect prompt injection if those records contain malicious instructions.
  - Ingestion points: Data is retrieved through membrane action run and membrane request commands.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided command templates.
  - Capability inventory: The agent can execute CLI commands, perform network requests via a proxy, and modify data within the connected Aha! account.
  - Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata