apisecai
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@membranehq/cli' package from the NPM registry. This is a vendor-specific tool used for managing connections and interacting with the Membrane platform.
- [COMMAND_EXECUTION]: The skill executes various 'membrane' CLI commands to search for connectors, authenticate users, list connections, and run actions against the Apisec.ai API.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted data from the Apisec.ai API. Evidence: 1. Ingestion points: Data returned from 'membrane action run' and 'membrane request' commands. 2. Boundary markers: None identified in the provided instructions to distinguish between system instructions and API content. 3. Capability inventory: The skill has the ability to install packages and execute shell commands. 4. Sanitization: There is no evidence of sanitization or validation of the external API content before it is processed by the agent.
Audit Metadata