apollo

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the NPM registry. This is a vendor-owned tool used to facilitate communication with the integration platform.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands (npm, npx, and membrane). These commands are used for installation, authentication, and managing integration actions. This is the primary intended behavior of the skill.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection and potential command injection by interpolating user-provided text into shell command arguments.
      • Ingestion points: User-provided intents and descriptions are passed directly to membrane action list --intent and membrane action create commands in SKILL.md.
      • Boundary markers: None are used to separate the user-provided strings from the command flags in the provided examples.
      • Capability inventory: The agent can execute shell commands, manage connections, and perform network operations via the Membrane CLI.
      • Sanitization: There is no evidence of sanitization or escaping for the interpolated strings in the provided instruction set.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 08:34 AM