datawrapper
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@membranehq/cli` package from the NPM registry. This is the official tool provided by the vendor to interface with the Membrane platform.
- [COMMAND_EXECUTION]: The agent is instructed to use the `membrane` CLI locally to perform authentication, list active connections, and execute actions.
- [REMOTE_CODE_EXECUTION]: Through the `action create` command, the skill triggers the generation of logic on the vendor's remote platform based on natural language descriptions. This generated logic is then executed via the `action run` command.
- [PROMPT_INJECTION]: The skill processes natural language input to discover or create actions, creating a surface for indirect prompt injection.
  - Ingestion points: Natural language strings are ingested via the `--intent` flag in `action list` and the `DESCRIPTION` argument in `action create` (found in `SKILL.md`).
  - Boundary markers: There are no specified delimiters or boundary instructions provided to help the agent isolate potentially untrusted input from its core instructions.
  - Capability inventory: The skill is capable of executing shell commands (CLI) and triggering the creation and execution of remote logic.
  - Sanitization: The instructions do not provide for sanitization or validation of the input strings before they are passed to the CLI commands.
Audit Metadata