dart
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the @membranehq/cli package from the official npm registry. This is a recognized tool from the skill's author for infrastructure management.
- [COMMAND_EXECUTION]: Instructs the agent to execute membrane CLI commands for connection management and action execution. These operations are within the expected scope for an integration skill.
- [DATA_EXFILTRATION]: Uses the membrane request tool to proxy requests to the Dart API. This is a legitimate capability for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via the processing of external API data.
  - Ingestion points: Data enters the system through membrane action run and membrane request outputs.
  - Boundary markers: No specific delimiters or safety instructions are defined for the handled data.
  - Capability inventory: The skill can execute shell commands via the CLI to interact with external services.
  - Sanitization: The documentation does not describe specific sanitization or validation of the data retrieved from external sources before agent processing.