databowl
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally via npm, which is an official tool from the skill's vendor for platform interaction.
- [COMMAND_EXECUTION]: Shell commands are used to log in, connect to the service, and perform data operations like creating and running actions.
- [PROMPT_INJECTION]: The skill presents an indirect injection surface. Ingestion points: outputs from action results and action listing commands. Boundary markers: absent in instructions. Capability inventory: subprocess execution through action runs and dynamic action creation via the CLI. Sanitization: managed by the Membrane platform's core infrastructure.
- [SAFE]: The skill adheres to security best practices by utilizing a managed authentication flow that avoids local storage or manual handling of API keys and secrets.
Audit Metadata