badger-maps
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli package globally via NPM. This is a legitimate utility from the platform vendor (Membrane) used to facilitate the integration.
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line tool to perform actions such as membrane action run and membrane request. These commands allow the agent to interact with the Badger Maps API and manage project state.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection by ingesting and processing data from the Badger Maps API. Ingestion points: Records retrieved from Badger Maps, such as customer details, notes, or check-in data via membrane action run and membrane request commands. Boundary markers: The instructions do not define specific delimiters or warnings to ignore instructions embedded within the retrieved data. Capability inventory: The skill has the capability to write data back to the API (membrane action run) and perform arbitrary HTTP requests through the membrane request proxy. Sanitization: There is no evidence of sanitization or content validation for data retrieved from external API endpoints.
- [SAFE]: The skill demonstrates good security posture by explicitly directing the agent to use Membrane's connection system for authentication, ensuring no API keys or sensitive credentials are handled directly by the agent or stored in the local environment.
Audit Metadata