burst-sms
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage globally. This is the official command-line interface for the Membrane platform, which is the vendor of this skill. - [COMMAND_EXECUTION]: The instructions involve executing various
membraneCLI commands to manage authentication, search for connectors, and invoke API actions. These are standard operations for the tool. - [PROMPT_INJECTION]: The skill facilitates reading external data from the Burst SMS service, such as incoming SMS responses. This creates a surface for indirect prompt injection if an attacker sends an SMS containing malicious instructions.
- Ingestion points: Data retrieved from Burst SMS API (e.g.,
get-sms-responsesin SKILL.md). - Boundary markers: None identified in the provided instructions.
- Capability inventory: Capability to perform network requests and execute actions via the Membrane CLI.
- Sanitization: No explicit sanitization of external message content is specified in the skill body.
Audit Metadata