donedone
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
@membranehq/clipackage, which is the official command-line interface for the Membrane platform. - [COMMAND_EXECUTION]: Executes shell commands through the
membraneCLI to manage connections, retrieve action schemas, and interact with the DoneDone API. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted data from the external DoneDone API.
- Ingestion points: Data enters the agent's context through the output of commands like
membrane action runandmembrane request. - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The skill has broad capabilities to create, update, and delete various resources in DoneDone (tasks, projects, mailboxes).
- Sanitization: There is no mention of sanitization or filtering of the content retrieved from external API responses.
Audit Metadata