api-void
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the global installation of the @membranehq/cli Node.js package, which is the official tool provided by the vendor for platform interaction.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform authenticated API requests and execute actions. This behavior is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill processes user input and external API data, creating a surface for indirect prompt injection.
- Ingestion points: Input passed to 'membrane action run' and data retrieved via 'membrane request'.
- Boundary markers: None.
- Capability inventory: CLI execution for network operations and action running.
- Sanitization: None identified within the skill markdown.
- [DATA_EXFILTRATION]: No sensitive local data access or unauthorized exfiltration patterns were identified. Authentication is managed server-side by the platform.
Audit Metadata