elmahio
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing @membranehq/cli from the npm registry, which is an official tool from the skill author.
- [COMMAND_EXECUTION]: It utilizes the membrane CLI for service connection and action execution, which are standard operations for this integration.
- [PROMPT_INJECTION]: The skill processes external data from Elmah.io (e.g., messages and logs) that could contain malicious instructions (indirect prompt injection). * Ingestion points: list-messages and get-message in SKILL.md. * Boundary markers: None present. * Capability inventory: membrane action run and membrane request. * Sanitization: None documented.
Audit Metadata