bannerbear
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the
@membranehq/clinpm package, which is the official tool from the author for managing connections.- [COMMAND_EXECUTION]: The integration operates by executingmembraneCLI commands to list, create, and manage Bannerbear media assets.- [PROMPT_INJECTION]: As an integration that processes external API data, the skill presents a surface for indirect prompt injection. Ingestion points: API outputs frommembranecommands inSKILL.md. Boundary markers: None defined. Capability inventory: Shell command execution via the CLI tool inSKILL.md. Sanitization: Not specified.- [SAFE]: Security is enhanced by the skill's reliance on Membrane's managed connection system, which prevents the need for manual API key handling or exposure of credentials in the environment.
Audit Metadata