coda
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI package (@membranehq/cli) from the NPM registry to facilitate communication with Coda. This is a vendor-owned resource.
- [COMMAND_EXECUTION]: Utilizes the Membrane CLI to perform operations such as listing connections, searching for actions, and executing API requests.
- [PROMPT_INJECTION]: The skill processes content from external Coda documents and spreadsheets, which constitutes an indirect prompt injection surface. Maliciously crafted data within Coda records could potentially attempt to influence the agent's behavior during data retrieval.
- Ingestion points: Data retrieved via actions like list-rows, get-row, and get-doc in the SKILL.md file.
- Boundary markers: None present to distinguish untrusted data from instructions.
- Capability inventory: The skill has capabilities to modify or delete document content via the delete-row, delete-rows, and membrane request commands.
- Sanitization: No explicit validation or filtering of retrieved data is defined in the instructions.
Audit Metadata