eventee
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by instructing the agent to run
membraneCLI commands for discovery, connection, and action execution. This standard workflow relies on the Membrane environment for secure execution. - [EXTERNAL_DOWNLOADS]: The instructions prompt the installation of the
@membranehq/clitool from NPM. This is an official utility provided by the skill's author (membranedev) and is a recognized vendor resource. - [PROMPT_INJECTION]: The
descriptionfield in the skill's metadata incorrectly references CRM objects like 'Deals', 'Leads', and 'Pipelines'. This appears to be a documentation copy-paste error from a different skill template rather than a malicious attempt to deceive, but it results in a mismatch between stated metadata and actual event-management functionality. - [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from Eventee, such as attendee registrations and participant details, using commands like
membrane action run. - Ingestion points: Data enters the context via
membrane action runandmembrane requestoutputs (SKILL.md). - Boundary markers: None are specified in the instructions for the agent to use when processing these outputs.
- Capability inventory: The agent can execute shell commands via the
membraneCLI and perform network requests through the proxy. - Sanitization: There is no mention of validation or sanitization for data retrieved from the Eventee API before it is processed by the agent.
Audit Metadata