apitemplateio

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI tool (@membranehq/cli) from the NPM registry. This is a vendor-owned resource used for managing authentication and executing API actions.
  • [COMMAND_EXECUTION]: The skill relies on the membrane CLI to perform all service interactions, including running actions like membrane action run and proxying HTTP requests via membrane request. These commands are executed locally to facilitate communication with the APITemplate.io API.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection:
      • Ingestion points: Data from external API responses enters the agent's context through the output of commands like membrane action list, membrane action run, and membrane request in SKILL.md.
      • Boundary markers: No boundary markers or delimiters are specified to isolate external data from the agent's instructions.
      • Capability inventory: The skill can perform network operations, list templates, and generate PDF/image files through the membrane CLI.
      • Sanitization: There is no evidence of sanitization or validation of the content returned by the APITemplate.io service before it is processed by the AI agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 08:55 AM