formsite
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the Membrane CLI (@membranehq/cli) from the official npm registry. This is a standard tool provided by the skill author (membranedev) for interacting with their platform.
- [SAFE]: Authentication is handled securely through Membrane's connection system, which uses OAuth or server-side credential management to avoid exposing secrets in the skill or to the user.
- [PROMPT_INJECTION]: The skill processes external data from Formsite, such as form results and items. This creates a surface for indirect prompt injection where malicious form content could attempt to influence the agent's behavior. This is a common characteristic of data-processing integrations and is documented here as an inherent surface of the intended functionality.
Audit Metadata