ftrack
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package. This is an official vendor resource for the Membrane platform and is considered safe.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform tasks such as authentication and executing FTrack API actions. These are standard operations for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from FTrack. Ingestion points: Data from FTrack projects, tasks, and notes accessed via the CLI. Boundary markers: No specific delimiters or instructions are used to isolate untrusted data. Capability inventory: The skill has the ability to modify FTrack data and perform network requests using the membrane proxy. Sanitization: There is no evidence of sanitization or filtering of the external data before it is processed by the agent.
Audit Metadata