feedier
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to install the Membrane CLI tool (@membranehq/cli) globally via NPM, which is a tool provided by the skill author for managing integrations.
- [COMMAND_EXECUTION]: The skill utilizes several CLI commands such as 'membrane login', 'membrane connect', and 'membrane action run' to facilitate the interaction with the Feedier API.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by retrieving external data from Feedier. * Ingestion points: Actions like 'list-feedback' and 'get-report' fetch content from the external platform into the agent's context. * Boundary markers: There are no instructions for the agent to use delimiters or other markers to isolate the untrusted data. * Capability inventory: The agent has the ability to execute further actions or requests using 'membrane action run' or 'membrane request'. * Sanitization: The documentation does not define any sanitization or validation of the content retrieved from external sources.
Audit Metadata