brass
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage globally via npm to interact with the Membrane platform. - [COMMAND_EXECUTION]: The instructions involve executing several shell commands using the
membraneCLI, including authentication (login), connection management (connect), and data operations (action run,request). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from an external source (Brass API).
- Ingestion points: Data enters the agent context through the output of
membrane action runandmembrane request(documented in SKILL.md). - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided documentation.
- Capability inventory: The agent can perform subprocess calls via the
membraneCLI to query or modify data on the Brass platform. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the Brass API before it is processed by the agent.
Audit Metadata