ethyca
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI tool to perform operations such as listing connections, running actions, and making proxy requests. These commands are consistent with the integration's described purpose.\n- [EXTERNAL_DOWNLOADS]: The skill instructions include the installation of the@membranehq/cliNPM package. This is the official command-line interface provided by the vendor (Membrane) for interacting with their services.\n- [PROMPT_INJECTION]: The skill processes data from the Ethyca API, creating a surface for indirect prompt injection.\n - Ingestion points: Data enters the context through the output of
membrane action runandmembrane requestcommands defined in SKILL.md.\n - Boundary markers: None are present in the skill instructions to delimit external data from agent commands.\n
- Capability inventory: The agent has the capability to execute platform actions and perform network requests via the Membrane proxy.\n
- Sanitization: There is no explicit mention of sanitizing or validating data received from the external API.
Audit Metadata