The Agent Skills Directory

[SAFE]: No evidence of malicious code, data exfiltration, or obfuscation was found in the skill. It is a legitimate integration provided by the Membrane author.- [EXTERNAL_DOWNLOADS]: The skill references the @membranehq/cli package for installation via npm. This is an official vendor resource used for interacting with the Membrane platform and is considered safe.- [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform actions such as connecting to services, listing actions, and running API requests. These commands are integral to the skill's primary function and do not pose a security risk in this context.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from the Crowd.dev API. Ingestion points: Data is ingested through membrane action run and membrane request (SKILL.md). Boundary markers: None identified. Capability inventory: The skill can execute CLI commands and network requests via the Membrane proxy (SKILL.md). Sanitization: No explicit sanitization or filtering of API responses is documented within the skill.

crowddev