florm
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to perform operations such as listing connections, searching for actions, and executing API requests. This is the intended functionality for managing Florm data. - [EXTERNAL_DOWNLOADS]: It requires the installation of the
@membranehq/clipackage via npm. This tool is provided by the vendor to facilitate secure interaction with their integration platform. - [DATA_EXFILTRATION]: The skill demonstrates safe data handling by leveraging Membrane's managed authentication system, which avoids the need for hardcoded credentials or manual API key entry.
- [PROMPT_INJECTION]: The skill processes data from the Florm API, creating a surface for indirect prompt injection. This is a common characteristic of integration skills and does not involve malicious intent.
- Ingestion points: Data returned from
membrane action runandmembrane requestcommands. - Boundary markers: None present.
- Capability inventory:
membrane action run,membrane request,membrane connectcommands. - Sanitization: Not explicitly implemented in the skill instructions.
Audit Metadata