datagma
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the @membranehq/cli package from the official NPM registry, which is a standard requirement for using the vendor's platform.
- [COMMAND_EXECUTION]: Integration is performed through several shell commands using the membrane CLI tool to manage connections and execute API requests.
- [PROMPT_INJECTION]: The skill processes data from the Datagma API, which creates a surface for indirect prompt injection if the external data contains instructions. 1. Ingestion points: Data returned from membrane action run and membrane request commands. 2. Boundary markers: Not present in the instructions. 3. Capability inventory: Shell execution capabilities via the membrane CLI. 4. Sanitization: No specific sanitization or validation of external input is described.
Audit Metadata