appwrite
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the @membranehq/cli package globally from the npm registry. This package is the official command-line tool for the Membrane platform.
- [COMMAND_EXECUTION]: The agent is directed to execute various membrane CLI commands to manage authentication, search for connectors, and interact with the Appwrite API.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it retrieves data from the Appwrite API and processes it within the agent's context.
- Ingestion points: Untrusted data enters the context via the output of membrane action run and membrane request commands.
- Boundary markers: The instructions do not define specific delimiters or warnings to isolate external API data from the agent's core instructions.
- Capability inventory: The agent can execute shell commands and perform authenticated network requests via the CLI.
- Sanitization: No data validation or sanitization of the ingested API content is specified in the skill instructions.
Audit Metadata