airtable
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm. This is the official command-line utility for the Membrane platform and is considered a safe, vendor-owned resource.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI for managing service authentication (login), discovery (search), and interaction (connect, action run). These commands are standard for the tool's intended use and do not exhibit suspicious behavior.
- [PROMPT_INJECTION]: The skill retrieves records from Airtable, creating a surface for indirect prompt injection if those records contain instructions that influence the agent's behavior.
  - Ingestion points: Airtable records and schema data retrieved via list-records, get-record, and get-base-schema tools.
  - Boundary markers: The skill does not provide specific instructions or delimiters to isolate untrusted data from the system prompt.
  - Capability inventory: The skill can modify Airtable data through create-records, update-records, and delete-records actions.
  - Sanitization: No explicit sanitization or content validation is performed on the data fetched from the Airtable API before processing.
Audit Metadata