envoy
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: Interaction with Envoy is performed through the @membranehq/cli tool, which is a resource associated with the skill's author context. Authentication is managed via the vendor platform, avoiding local secret storage.
- [PROMPT_INJECTION]: The skill metadata in SKILL.md contains an inaccurate description, listing CRM-related objects (Deals, Leads, Projects) which do not belong to the Envoy service. This represents deceptive or poorly maintained metadata.
- [PROMPT_INJECTION]: The skill processes external data from Envoy API responses, creating a surface for indirect prompt injection.
  - Ingestion points: Data from `membrane action list`, `membrane action run`, and `membrane request` commands in SKILL.md.
  - Boundary markers: None identified. The instructions do not provide delimiters or warnings for the agent regarding external data.
  - Capability inventory: The skill can execute shell commands via the Membrane CLI to interact with external systems.
  - Sanitization: No sanitization or validation of external input is implemented.
Audit Metadata