announcekit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the user to install the
@membranehq/clipackage globally via npm. This is the official command-line interface provided by the vendor (Membrane) for managing integrations and handling authentication. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI to perform various tasks, including authentication, creating connections, and executing API actions. These are standard operations for interacting with the Membrane platform. - [PROMPT_INJECTION]: The skill processes external content from AnnounceKit, which introduces a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via actions that retrieve activities, feedback, and post details (e.g.,
list-activities,list-feedbacks,get-post). - Boundary markers: The provided documentation does not include explicit delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The skill has the ability to execute shell commands through the Membrane CLI and perform network requests via a proxy.
- Sanitization: There is no evidence of sanitization or validation of the external content before it is processed by the agent.
Audit Metadata