getaccept
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the @membranehq/cli package from the public npm registry. This is a legitimate infrastructure component provided by the platform vendor to facilitate service integration.
- [COMMAND_EXECUTION]: The skill utilizes the membrane command-line tool to manage connections, search for available actions, and execute API requests. These commands are restricted to the operational scope of the platform.
- [PROMPT_INJECTION]: The skill interacts with external document, contact, and user data from the GetAccept API, creating a surface for indirect prompt injection. * Ingestion points: Data entering via actions like list-documents, get-document, and list-users in SKILL.md. * Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between platform commands and untrusted remote data. * Capability inventory: The skill performs subprocess execution using the membrane CLI as defined in the provided instructions. * Sanitization: No specific filtering or validation mechanisms for the remote API data are implemented in the skill description.
Audit Metadata