castmagic
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clitool via NPM. This is a vendor-provided package essential for managing the integration and authentication. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to perform operations like searching for connectors, running actions, and making API requests. These commands are legitimate for the purpose of interacting with the Castmagic platform. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from the Castmagic API. Ingestion points: Data enters via
membrane action runandmembrane requestcommands. Boundary markers: No explicit markers are used to delimit external data from instructions. Capability inventory: The skill can execute shell commands through the CLI and make network requests. Sanitization: No specific sanitization or filtering of API responses is mentioned in the instructions.
Audit Metadata