demodesk
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the NPM registry to facilitate platform operations.- [COMMAND_EXECUTION]: The agent uses CLI commands such as
membrane action runandmembrane requestto perform tasks and interact with the Demodesk API.- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through the ingestion of external meeting and record data. - Ingestion points: Meeting details, attendee names, and company metadata retrieved via the Demodesk API (SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or clear markers to isolate external data from instructions.
- Capability inventory: The skill utilizes CLI-based execution and proxy requests, which could be leveraged if malicious data is processed.
- Sanitization: There are no explicit instructions for the sanitization or validation of data fetched from external sources.
Audit Metadata