bitwarden
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI via
npm install -g @membranehq/cli@latest. This is an official package from the skill's vendor and is used for the primary functionality of the skill. - [COMMAND_EXECUTION]: The skill uses the
membraneCLI to perform operations like login, connection management, and action execution. These are standard operations for this integration. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from Bitwarden and has capabilities to execute further actions.
- Ingestion points: Data returned from
membrane action run(vault items, notes, etc.) enters the agent context (SKILL.md). - Boundary markers: None identified in the prompt instructions to distinguish external data from system instructions.
- Capability inventory: The skill can list actions, create new actions, and run arbitrary actions via the Membrane CLI (SKILL.md).
- Sanitization: No explicit sanitization or validation of the content retrieved from Bitwarden is mentioned before processing.
Audit Metadata