appdrag
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@membranehq/clipackage globally via NPM. This is a verified vendor resource from 'membranedev' used to interact with their platform and the AppDrag service securely. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to perform operations such as listing connections, discovering actions, and executing API requests. These commands are necessary for the skill's core functionality. - [PROMPT_INJECTION]: As a data-driven integration that interacts with external AppDrag content (e.g., blog posts, member lists, database records), there is a surface for indirect prompt injection.
- Ingestion points: Data returned from AppDrag actions through the
membraneCLI. - Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: SQL query execution, file system operations, and email dispatching.
- Sanitization: The skill relies on the underlying agent's standard safety protocols for processing external data.
- Ingestion points: Data returned from AppDrag actions through the
Audit Metadata