campaign-cleaner
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the npm registry, which is the official command-line tool for the vendor.
- [COMMAND_EXECUTION]: Commands such as membrane action run and membrane request are used to interact with the Campaign Cleaner API through the Membrane platform.
- [PROMPT_INJECTION]: The skill processes external HTML content, creating a surface for indirect prompt injection.
- Ingestion points: The get-campaign action retrieves HTML content and analysis results from Campaign Cleaner (SKILL.md).
- Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
- Capability inventory: The skill can execute arbitrary actions and API requests via the membrane CLI (SKILL.md).
- Sanitization: No explicit content filtering or sanitization is mentioned in the instructions.
Audit Metadata