bundleiq
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the official Membrane CLI (
@membranehq/cli) to facilitate authentication and API interactions. This approach centralizes credential management and is the expected workflow for this vendor. - [PROMPT_INJECTION]: The skill interacts with external data from BundleIQ, which introduces a surface for indirect prompt injection.
- Ingestion points: Content is retrieved from BundleIQ documents and sections through
membrane action runandmembrane requestcommands as described inSKILL.md. - Boundary markers: The instructions do not currently define explicit delimiters or 'ignore' instructions for the data retrieved from BundleIQ.
- Capability inventory: The agent can perform file-like operations and network requests via the Membrane platform's CLI tools.
- Sanitization: No specific content sanitization or validation steps are defined for the incoming data stream.
Audit Metadata