ez-texting
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from the NPM registry. This is the official command-line tool for the Membrane platform, which is the authoring organization for this skill. - [COMMAND_EXECUTION]: The instructions direct the agent to use the
membraneCLI for managing connections, searching for actions, and making API requests. These commands are standard operations for the platform's integration framework. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from the EZ Texting API (e.g., contact information or campaign responses).
- Ingestion points: Data received from the EZ Texting API via
membrane action runandmembrane requestcommands (SKILL.md). - Boundary markers: Absent; there are no specific instructions to treat the API output as untrusted or to wrap it in delimiters.
- Capability inventory: The skill uses the
membraneCLI to execute actions and network requests across all described operations. - Sanitization: No sanitization or validation of the external API responses is mentioned in the prompt instructions.
Audit Metadata