flourish
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the '@membranehq/cli' package from the npm registry. This is the official command-line interface provided by the skill's author for interacting with the Membrane platform.
- [COMMAND_EXECUTION]: The instructions involve executing various 'membrane' CLI commands (e.g., login, search, connect, action run) to manage the Flourish integration. These commands are necessary for the skill's primary function of data orchestration and visualization.
- [PROMPT_INJECTION]: The skill processes external data from Flourish (visualizations, settings, projects), which represents an indirect prompt injection surface.
- Ingestion points: External data enters the agent context via 'membrane action run' and 'membrane request' outputs.
- Boundary markers: None explicitly defined in the provided instructions.
- Capability inventory: The skill uses subprocess calls to execute the 'membrane' CLI.
- Sanitization: No explicit sanitization or filtering of the Flourish API responses is mentioned.
Audit Metadata