aikido-security

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of the @membranehq/cli package via npm. This is an official tool from the skill's author (Membrane) used for interacting with their platform and managing integrations.
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform operations such as logging in, searching for connectors, and running actions. These commands are part of the intended functionality for the Membrane ecosystem.
  • [PROMPT_INJECTION]: The skill processes findings and data from the Aikido Security API, which presents a surface for indirect prompt injection if external data contains malicious instructions.
      • Ingestion points: Data retrieved via membrane action run and membrane request commands.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided in the skill documentation.
      • Capability inventory: The skill utilizes subprocess execution of the membrane CLI to interact with external services.
      • Sanitization: No specific sanitization or validation logic is described for the data returned from the Aikido Security API.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 08:56 AM