dynapictures
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package. This is a vendor-provided tool used to manage authentication and API interactions.- [COMMAND_EXECUTION]: The skill uses the 'membrane' CLI to perform operations such as logging in, creating connections, and running API actions. These commands are part of the intended functionality for interacting with the Membrane platform.- [PROMPT_INJECTION]: The skill processes external data from the DynaPictures API, creating a surface for indirect prompt injection where instructions embedded in images, tags, or workspace metadata could influence agent behavior.
- Ingestion points: Data retrieved from DynaPictures API via 'membrane action run' and 'membrane request' (SKILL.md)
- Boundary markers: None specified in the documentation
- Capability inventory: Execution of arbitrary API requests and actions via the 'membrane' CLI (SKILL.md)
- Sanitization: No sanitization or validation of API response content is described
Audit Metadata