easy-project
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the installation of the
@membranehq/clitool from the npm registry. This is a legitimate utility from the vendor (Membrane) used for authentication and API interaction. - [COMMAND_EXECUTION]: The skill executes
membraneCLI commands to manage Easy Project data. These commands are necessary for the skill's primary functionality. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. • Ingestion points: Data from Easy Project is ingested into the agent context via
membraneCLI outputs (SKILL.md). • Boundary markers: No explicit markers or "ignore instructions" warnings are present. • Capability inventory: Themembrane action runandmembrane requestcommands allow for state-changing operations and network requests (SKILL.md). • Sanitization: No explicit sanitization or validation of external content is described.
Audit Metadata