carbone
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Membrane CLI (
membrane) to manage connections, search for actions, and execute requests. This is the intended and documented way to interact with the Membrane platform. - [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the NPM registry. This is a standard dependency for using Membrane-powered skills and belongs to the official platform. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes document templates and JSON data that may originate from external sources.
- Ingestion points: External document templates and JSON data payloads entering the agent context via CLI command outputs.
- Boundary markers: No specific delimiters or warnings to ignore embedded instructions are included in the command examples.
- Capability inventory: Shell command execution capabilities provided by the Membrane CLI.
- Sanitization: No explicit input sanitization or validation of external content is performed within the skill instructions.
Audit Metadata