digi
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the
@membranehq/clipackage globally via npm, which is an official tool from the vendor.\n- [COMMAND_EXECUTION]: Instructs the agent to execute shell commands such asmembrane login,membrane action run, andmembrane requestto interact with the service as part of its primary workflow automation functionality.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data retrieved from the external Digi platform records.\n - Ingestion points: Records and advertising campaign data retrieved via
membrane action runandmembrane requestas described in SKILL.md.\n - Boundary markers: None are explicitly defined in the instructions to separate untrusted data from instructions.\n
- Capability inventory: The skill has the capability to execute actions on the platform and perform proxied network requests via the
membranecommand.\n - Sanitization: No specific data validation, escaping, or sanitization steps are documented for the retrieved content.
Audit Metadata