digiteal
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
membraneCLI to interact with the Digiteal platform, which is the intended and standard method for this integration. Use ofmembrane action runandmembrane requestfacilitates API interaction via a managed proxy. - [EXTERNAL_DOWNLOADS]: The skill requires installing the
@membranehq/clipackage from the NPM registry, which is an official tool provided by the vendor. - [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection by processing external data from Digiteal API responses.
- Ingestion points: API response data retrieved via
membrane action runandmembrane requestcommands in SKILL.md. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined for the processed external content.
- Capability inventory: The skill can execute actions to manage documents, templates, and users via the Membrane CLI.
- Sanitization: No explicit data validation or sanitization of the API response data is implemented in the instruction set.
- [SAFE]: The skill follows security best practices for credential management by utilizing Membrane's server-side authentication system, ensuring that API keys and tokens are not handled directly by the agent or stored locally.
Audit Metadata