feathery
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI (
@membranehq/cli) from the official NPM registry, which is a well-known service. - [COMMAND_EXECUTION]: Utilizes the
membranecommand-line interface to manage authentication, search for connectors, and execute actions against the Feathery API. - [PROMPT_INJECTION]: The skill processes untrusted data from external sources (Feathery forms and user submissions), which presents a surface for indirect prompt injection.
- Ingestion points: Data entering through
list-submissions,get-user-data, andget-formactions inSKILL.md. - Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are provided in the prompt templates.
- Capability inventory: The skill can execute state-changing actions via
membrane action runand arbitrary API calls viamembrane request. - Sanitization: There is no evidence of sanitization or validation of the retrieved form content before it is processed by the agent.
Audit Metadata