Skills
skills/membranedev/application-skills/docusign/Gen Agent Trust Hub

docusign

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Installs the vendor-owned @membranehq/cli package from the official npm registry.
  • [COMMAND_EXECUTION]: Uses the membrane CLI to authenticate users, manage connections, and execute DocuSign actions.
  • [DATA_EXFILTRATION]: Facilitates the movement of document and agreement data between the agent environment and DocuSign via the Membrane proxy as part of its intended functionality.
  • [PROMPT_INJECTION]: The skill processes external API responses and user-provided parameters which could contain instructions. * Ingestion points: DocuSign API outputs and user input passed to the action parameters. * Boundary markers: Command arguments are delimited by shell quotes. * Capability inventory: Command execution via the membrane CLI tool for API interaction. * Sanitization: Not explicitly implemented in the skill body; delegated to the vendor platform's processing of structured data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 05:58 AM