conveyor
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits significant metadata poisoning through contradictory information. The name 'Conveyor' is used, but the description describes a packaging tool (conveyor.dev), the action list describes a compliance platform (conveyor.com), and the documentation link points to an unrelated transit service (conveyal.com). This misleading information can result in the agent or user interacting with unintended services or APIs.\n- [COMMAND_EXECUTION]: The skill relies on the agent executing shell commands through the Membrane CLI (
membrane). These commands are used for lifecycle management, including logging in, creating connections, and executing API actions. This is the primary mechanism for the skill's operation.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the@membranehq/cliNode.js package. This is a vendor-controlled tool required to use the integration. While it is from a known entity related to the author, it is an external dependency that must be installed globally.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ingestion of external API data. Malicious content within Conveyor API responses could potentially influence the agent's logic.\n - Ingestion points: Untrusted data is retrieved via
membrane action runandmembrane requestcommands.\n - Boundary markers: There are no delimiters or instructions provided to the agent to treat API output as untrusted data.\n
- Capability inventory: The agent possesses the capability to run CLI commands and perform network requests via the proxy.\n
- Sanitization: No sanitization or validation of external API content is mentioned or implemented in the instructions.
Audit Metadata