ecologi
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the
@membranehq/clipackage from the public npm registry to interact with the Membrane platform. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to manage user authentication, establish connections to the Ecologi service, and execute API actions. This is the primary mechanism for the skill's functionality. - [PROMPT_INJECTION]: The skill is designed to process data retrieved from the external Ecologi API, which represents a potential surface for indirect prompt injection if the remote data contains malicious instructions.
- Ingestion points: Untrusted data enters the agent context through the output of
membrane action runandmembrane requestcommands in SKILL.md. - Boundary markers: The instructions do not define specific delimiters or instructions for the agent to treat API responses as untrusted data.
- Capability inventory: The skill allows for command execution via the
membraneCLI and network requests to the Ecologi API. - Sanitization: No explicit sanitization or validation of the remote API content is performed before the agent processes it.
Audit Metadata