amity
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @membranehq/cli package. This is a trusted vendor resource used for secure API interaction and session management.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform legitimate tasks such as authentication (membrane login), connection management (membrane connect), and running API actions. All commands are executed within the context of the vendor's secure framework.
- [PROMPT_INJECTION]: The skill interacts with external social data from Amity, representing a potential surface for indirect prompt injection. Ingestion points: Data is retrieved from Amity posts, messages, and profiles via the membrane CLI as described in SKILL.md. Boundary markers: Not explicitly defined in the skill instructions. Capability inventory: The skill can execute actions and send proxy requests to the Amity API using the membrane command. Sanitization: Relies on the underlying LLM's guardrails and Membrane's action schemas.
Audit Metadata