dots
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `@membranehq/cli` package globally via the NPM registry. This package is an official tool provided by the vendor (membranedev) to facilitate the integration.
- [COMMAND_EXECUTION]: All interaction with the Dots! service is performed through shell commands using the `membrane` CLI. This includes authentication (`membrane login`), resource discovery (`membrane search`), and data manipulation (`membrane action run`, `membrane request`). This approach centralizes security and authentication logic within the vendor's tool.
- [PROMPT_INJECTION]: The skill processes data retrieved from the Dots! API (such as lists of users, transfers, and payouts). This establishes an attack surface for indirect prompt injection where malicious instructions embedded in the external API's data could influence the agent's behavior.
  - Ingestion points: Data is ingested via `membrane action run`, `membrane connection list`, and `membrane request` commands.
  - Boundary markers: None observed in the provided instructions; external data is interpolated directly into the context.
  - Capability inventory: The agent can execute shell commands via the `membrane` CLI and perform file system operations typical of a development environment.
  - Sanitization: No explicit sanitization or validation of the API responses is described in the prompt logic.
- [METADATA_POISONING]: There is a thematic inconsistency in the documentation. The 'Dots! Overview' section describes a puzzle game, while the 'Popular actions' table describes financial payout and transfer operations (likely referring to the dots.dev financial API). This appears to be a documentation error rather than a malicious deception, as both the repository and homepage point to official vendor resources.
Audit Metadata