disqo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the official `@membranehq/cli` tool from the npm registry, which is a vendor-owned resource used for platform interactions.
- [COMMAND_EXECUTION]: Employs the `membrane` CLI to perform operations such as authentication, connection management, and executing platform actions, which involves running shell commands on the system.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it retrieves and processes data from external sources.
  - Ingestion points: Untrusted data enters the agent's context through `membrane action run` and `membrane request` commands when fetching surveys, questions, and responses.
  - Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between integration logic and potentially malicious instructions embedded in external data.
  - Capability inventory: The agent has the capability to execute platform-specific commands and make network requests via the `membrane` proxy service.
  - Sanitization: The instructions do not define any validation or sanitization steps for the data retrieved from external API endpoints before it is utilized in the workflow.