appmachine
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the
@membranehq/clipackage and usesnpxfor executing vendor-specific tools. These are official resources associated with the skill's author (membranedev). - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to manage authentication, discover integration actions, and execute requests against the Appmachine API. - [PROMPT_INJECTION]: The skill ingests data from external API responses via the Membrane proxy. This represents a potential surface for indirect prompt injection if external data contains malicious instructions; however, this is a general risk factor for integration skills and no specific exploits were found. Ingestion points include terminal outputs from action lists and run commands (SKILL.md).
Audit Metadata