fogbugz
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Suggests installing the
@membranehq/clipackage from NPM. This is a trusted tool provided by the vendor (Membrane) to facilitate secure integrations. - [COMMAND_EXECUTION]: Uses the
membraneCLI to execute pre-defined actions and API requests within FogBugz. These operations are restricted to the functionality of the integration. - [PROMPT_INJECTION]: The skill ingests data from FogBugz (ingestion points: cases, people, projects) and has the capability to perform write operations and generic requests via
membrane action run(capability inventory). While the absence of explicit boundary markers or sanitization creates a surface for indirect prompt injection, this is inherent to its primary purpose as an integration tool and no malicious patterns are present. - [SAFE]: No evidence of malicious behavior, data exfiltration, or obfuscation was found. The skill follows secure authentication patterns by managing credentials through the Membrane platform.
Audit Metadata