courier

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute various membrane CLI commands to manage the integration, including searching for connectors, listing connections, and running specific actions.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the @membranehq/cli tool, which is installed via npm. This is a standard platform component from a recognized author and is used to facilitate secure communication with the Courier API.
  • [PROMPT_INJECTION]: Because the skill processes data from the Courier API (such as message templates and notification logs), there is an inherent surface for indirect prompt injection.
      * Ingestion points: API response data from Courier message records, audit logs, and templates as described in SKILL.md.
      * Boundary markers: Not present in the current skill instructions.
      * Capability inventory: Includes execution of actions via the Membrane platform and arbitrary HTTP requests through the platform's proxy.
      * Sanitization: No specific sanitization or validation of the ingested API data is defined in the instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 07:44 PM