awesome-support
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage via npm. This is the official command-line interface for the Membrane platform, used to manage authentication and API interactions. - [COMMAND_EXECUTION]: The skill documentation provides instructions for executing various
membraneCLI commands, such asmembrane login,membrane connect, andmembrane action run. These commands are used to interact with the Awesome Support API and manage service connections. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from the Awesome Support ticketing system.
- Ingestion points: Data enters the agent context through ticket records, replies, and customer information retrieved via the
membrane action runandmembrane requestcommands as described inSKILL.md. - Boundary markers: The instructions do not define clear delimiters or use "ignore embedded instructions" directives when handling content from support tickets.
- Capability inventory: The skill has the capability to perform network operations (via
membrane request) and execute administrative actions within the support system (viamembrane action run). - Sanitization: There is no evidence of sanitization or content filtering for the data retrieved from external ticket sources.
Audit Metadata