dealmachine
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/cliNPM package, which is a legitimate tool provided by the vendor for integration management. - [COMMAND_EXECUTION]: Utilizes the
membraneCLI to perform authenticated actions and manage DealMachine data, which is appropriate for the skill's stated purpose. - [PROMPT_INJECTION]: The skill functions as an integration that ingests data from the DealMachine API, creating an indirect prompt injection surface.
- Ingestion points: External data enters the context via
membrane action runand proxy requests in SKILL.md. - Boundary markers: No explicit delimiters are used to separate API data from instructions.
- Capability inventory: The skill possesses the ability to create, update, and delete records as documented in SKILL.md.
- Sanitization: Input validation and credential management are performed by the Membrane platform.
Audit Metadata