devrev
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use the
membraneCLI for managing DevRev data, including listing records, executing pre-built actions, and performing raw API requests through a secure proxy.\n- [EXTERNAL_DOWNLOADS]: The documentation recommends the global installation of the@membranehq/clinpm package. This is the official command-line tool provided by the vendor (membranedev) for the platform the skill integrates with.\n- [PROMPT_INJECTION]: The skill processes untrusted data retrieved from external DevRev objects, which constitutes a surface for indirect prompt injection.\n - Ingestion points: Data enters the context via the output of
membrane action runandmembrane requestcommands (found in SKILL.md).\n - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the provided instructions.\n
- Capability inventory: The skill can execute shell commands and perform write operations to external services via the CLI (found in SKILL.md).\n
- Sanitization: No explicit sanitization or validation logic for the retrieved external content is documented within the skill instructions.
Audit Metadata