companycam
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI via `npm install -g @membranehq/cli`. This is a vendor-owned package from the official NPM registry and is used for authentication and API proxying.
- [COMMAND_EXECUTION]: The skill uses various `membrane` CLI commands (e.g., `membrane login`, `membrane connect`, `membrane action run`) to interact with the CompanyCam service. These commands are restricted to the vendor's platform environment.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes user-generated content (comments, photo descriptions) from CompanyCam.
  - Ingestion points: Data enters the context through `membrane action run` and `membrane request` calls that fetch projects, photos, and comments (SKILL.md).
  - Boundary markers: None identified; external data is not wrapped in markers to distinguish it from instructions.
  - Capability inventory: The skill can perform write operations like `create-project`, `delete-photo`, and `archive-project` via CLI commands.
  - Sanitization: No explicit sanitization or filtering of fetched API data is documented.
- [METADATA_POISONING]: The 'CompanyCam Overview' section in `SKILL.md` contains hundreds of irrelevant items, including lists of Kepler planets, historical philosophers, and international organizations. This appears to be low-quality documentation or a generation hallucination but does not contain executable malicious instructions.
Audit Metadata