cyfe
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry and utilizesnpxto run the latest version of the tool. These resources are provided by the platform vendor for interacting with their services. - [COMMAND_EXECUTION]: The skill provides a variety of shell commands using the
membraneCLI to perform tasks such as logging in, searching for connectors, establishing connections, and running API actions. These commands are standard for the integration's functionality. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes data retrieved from the Cyfe API and dynamic action definitions from the Membrane platform.
- Ingestion points: Data entering the agent context via
membrane action list,membrane action run, andmembrane requestcommands in SKILL.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill text.
- Capability inventory: The agent has the ability to execute shell commands using the
membraneCLI as documented in SKILL.md. - Sanitization: No specific sanitization or validation steps for external data are described in the instructions.
Audit Metadata