basin
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the Membrane CLI (@membranehq/cli) from the npm registry. This is a known tool from the vendor used for authentication and API management.
- [COMMAND_EXECUTION]: Utilizes the 'membrane' CLI to perform operations such as authentication, action discovery, and executing Basin API requests.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from processing external data.
- Ingestion points: External form submission data processed in SKILL.md via 'list-submissions' or 'get-submission'.
- Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded instructions in the form data.
- Capability inventory: The skill can manage forms and webhooks or perform arbitrary requests through 'membrane request'.
- Sanitization: Absent; no validation or escaping of external data is provided.
Audit Metadata