apaya
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @membranehq/cli package from the NPM registry. This utility is the official tool provided by the vendor for managing service connections.
- [COMMAND_EXECUTION]: The skill operates by executing various membrane CLI commands to perform tasks such as authentication (membrane login), connection management (membrane connect), and API interaction (membrane action run, membrane request).
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it retrieves and processes data from the external Apaya service.
  - Ingestion points: Data enters the context through the output of membrane action run and membrane request commands.
  - Boundary markers: The skill does not explicitly define delimiters for external data within the provided instructions.
  - Capability inventory: The skill has the ability to execute shell commands via the CLI and perform network requests through the Membrane proxy.
  - Sanitization: There is no explicit mention of sanitization or filtering for the data returned from the API before it is processed by the agent.
Audit Metadata