builderio
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `@membranehq/cli` package via npm to facilitate interaction with the Membrane integration platform. This tool is the official command-line interface provided by the platform vendor.
- [COMMAND_EXECUTION]: Shell commands including `membrane login`, `membrane action run`, and `membrane request` are executed to authenticate, search for connectors, and interact with the Builder.io API.
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection through data ingestion from external sources.
  - Ingestion points: Data such as HTML content, model entries, and API responses are retrieved from Builder.io in SKILL.md using `membrane action run` and proxy requests.
  - Boundary markers: Absent; the instructions do not specify delimiters or warnings to separate external data from system instructions.
  - Capability inventory: Includes shell command execution and proxied network requests, providing significant capability if the agent follows instructions embedded in fetched data.
  - Sanitization: No explicit sanitization or validation of external content is described before the agent processes the retrieved data.