decision-journal

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the execution of the membrane command-line interface (CLI). This includes logging in, connecting to services, searching for actions, and running those actions.
  • [EXTERNAL_DOWNLOADS]: Instructions guide the user to install the @membranehq/cli package globally via npm. This package is provided by the skill's authoring organization (Membrane) and is necessary for the skill's operation.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It retrieves data from an external source (the Decision Journal service) and presents it to the agent.
      • Ingestion points: Data is received from the output of membrane action run and membrane action list commands.
      • Boundary markers: The instructions do not define specific delimiters or provide "ignore embedded instructions" warnings for the agent when processing this data.
      • Capability inventory: The agent is empowered to execute shell commands using the membrane CLI tool based on its interpretation of tasks.
      • Sanitization: There is no evidence of sanitization or filtering of the retrieved content before it is processed by the agent's prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 01:44 AM