filescom
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package globally via npm. This is a vendor-provided tool necessary for the skill's functionality.
- [COMMAND_EXECUTION]: The skill makes extensive use of the 'membrane' CLI to perform operations such as authentication ('membrane login'), connection management ('membrane connect'), and executing specific tasks ('membrane action run').
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with external data.
- Ingestion points: The skill retrieves various types of data from Files.com, including file contents, metadata, and user information, which are then processed by the agent.
- Boundary markers: The instructions do not specify any boundary markers or delimiters to separate untrusted data from agent instructions.
- Capability inventory: The skill possesses capabilities to execute actions ('membrane action run') and make direct API requests ('membrane request') based on its analysis of retrieved data.
- Sanitization: There is no mention of sanitizing or validating input from Files.com before it is incorporated into the agent's decision-making process.
Audit Metadata