alumio
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. This is an official vendor-provided tool used to facilitate communication between the agent and the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes several shell commands via the
membraneCLI. These commands are used to manage authentication, discover API actions, and perform data operations within the Alumio environment. - [PROMPT_INJECTION]: Indirect injection surface analysis:
- Ingestion points: External data enters the context through
membrane action runandmembrane requestoutputs (SKILL.md). - Boundary markers: None identified in the provided instructions.
- Capability inventory: The skill allows the agent to execute shell commands (
membraneCLI) and perform network requests through a proxy. - Sanitization: There are no explicit instructions for the agent to sanitize or validate data returned from the Alumio API before further processing.
Audit Metadata