alchemer
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli tool, which is the official command-line interface for the Membrane platform.
- [COMMAND_EXECUTION]: Uses the membrane command-line utility to interact with the Alchemer API, managing survey data and workflows.
- [PROMPT_INJECTION]: The skill provides an interface for reading external data from Alchemer (surveys, responses, etc.), which represents an attack surface for indirect prompt injection if the processed content contains malicious instructions.
- Ingestion points: Data retrieved via membrane action run and membrane request (SKILL.md).
- Boundary markers: No explicit delimiters for external content are defined.
- Capability inventory: Execution of membrane CLI commands and data processing (SKILL.md).
- Sanitization: No specific sanitization or validation steps for retrieved data are mentioned.
Audit Metadata