blend

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill uses official vendor tools and adheres to safe credential handling practices.
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the @membranehq/cli package from the official NPM registry, which is a required tool for the integration as provided by the vendor.
  • [COMMAND_EXECUTION]: Utilizes the membrane CLI to perform legitimate operations such as authentication, action discovery, and API requests to the Blend platform.
  • [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection when processing data from the Blend API:
      • Ingestion points: API response data retrieved through membrane action run and membrane request (SKILL.md)
      • Boundary markers: Absent; no delimiters or warnings to ignore embedded instructions
      • Capability inventory: Shell execution of the membrane CLI (SKILL.md)
      • Sanitization: Absent; no validation or escaping of API content mentioned
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 09:51 AM