cohere
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill adheres to security best practices by delegating authentication and credential management to the Membrane platform.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage via npm. This is a recognized vendor resource required for the skill's operation. - [COMMAND_EXECUTION]: Instructions involve using the
membraneCLI for managing connections and executing actions. These commands are part of the intended integration workflow. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes external data from Cohere APIs.
- Ingestion points: Data returned by
membrane action runandmembrane request(SKILL.md). - Boundary markers: No specific delimiters or warnings for embedded instructions are provided in the tool documentation.
- Capability inventory: Access to CLI commands for running actions and making proxy requests (SKILL.md).
- Sanitization: No explicit sanitization or validation of the external API responses is mentioned.
Audit Metadata