basecamp
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from npm. This package is owned by the skill vendor and is used for its intended purpose of providing the CLI tool.
- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform project management tasks, which involves executing system commands to interact with the Membrane platform and Basecamp API.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it retrieves and processes untrusted data from Basecamp (messages, to-dos, comments). 1. Ingestion points: Data retrieved via 'membrane action run' and 'membrane request' commands. 2. Boundary markers: No markers or instructions to ignore embedded commands are present in the skill instructions. 3. Capability inventory: The agent can execute CLI commands and proxy web requests. 4. Sanitization: No explicit content sanitization or validation is described for the retrieved data.
Audit Metadata