frameio
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI (
@membranehq/cli) from the official NPM registry. This package is owned by the skill's author and is required for the integration to function. - [COMMAND_EXECUTION]: Uses the
membranecommand-line utility to perform authentication, connection management, and Frame.io API interactions. All commands are standard for the platform's operation. - [DATA_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data (such as comments and asset names) from the Frame.io platform via the
membrane action runandmembrane action listcommands. - Ingestion points: External data enters the agent context through the output of Membrane commands (e.g.,
list-comments,get-asset). - Boundary markers: None provided in the instructions.
- Capability inventory: The skill can create, delete, and modify assets and projects via
membrane action runandmembrane request. - Sanitization: No explicit sanitization or validation of the ingested content is defined.
Audit Metadata