formio
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliglobal NPM package. This is a verified vendor resource from Membrane used to facilitate secure communication with the Form.io API. - [COMMAND_EXECUTION]: Instructions involve using the
membraneCLI for operational tasks such as searching for connectors, establishing connections, and executing API calls. These commands are standard for the tool's integration logic. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. 1. Ingestion points: Data is read from Form.io via
membrane action runandmembrane request(SKILL.md). 2. Boundary markers: No delimiters or ignore-instructions warnings are present in the provided documentation. 3. Capability inventory: The skill utilizes CLI execution (membrane) to interact with external services. 4. Sanitization: No explicit data sanitization or validation logic is defined in the skill instructions. This surface is inherent to the integration's purpose and does not indicate malicious intent.
Audit Metadata