boostai
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the npm registry. This is a legitimate vendor tool provided by the skill author to facilitate integration. - [COMMAND_EXECUTION]: Employs the
membraneCLI to execute tasks such as logging into the platform, connecting to the Boost.ai service, and running specific API actions. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection by ingesting data from the Boost.ai API.
- Ingestion points: Data retrieved from Boost.ai endpoints via
membrane action runandmembrane request(SKILL.md). - Boundary markers: None identified in the skill instructions.
- Capability inventory: The agent can execute CLI-based API actions and network requests through the vendor's tool (SKILL.md).
- Sanitization: No specific data sanitization or filtering logic is specified for the processed responses.
Audit Metadata