edusign
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing the official Membrane CLI (@membranehq/cli) from the npm registry to manage platform interactions.
- [COMMAND_EXECUTION]: Instructs the agent to execute shell commands using the membrane CLI for data retrieval and API proxying.
- [PROMPT_INJECTION]: The skill ingests data from external Edusign API endpoints, which is a potential surface for indirect prompt injection.
- Ingestion points: Data retrieved from actions like list-students, list-documents, and custom proxy requests.
- Boundary markers: No delimiters are used to isolate untrusted external content.
- Capability inventory: Shell command execution via the membrane CLI tool.
- Sanitization: No explicit sanitization or schema validation of external responses is performed before processing.
Audit Metadata