giantcampaign
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI package (
@membranehq/cli) globally via npm. This is a legitimate tool provided by the vendor for managing connections and executing actions. - [PROMPT_INJECTION]: The skill interacts with external data from GiantCampaign, such as subscriber details, campaign notes, and quest information, which could potentially contain malicious instructions intended for indirect prompt injection.
- Ingestion points: Data retrieved from GiantCampaign mailing lists and campaigns through
membrane action runormembrane requestinSKILL.md. - Boundary markers: Absent; the skill does not define specific delimiters to separate untrusted data from the agent's system instructions.
- Capability inventory: The skill has the capability to run shell commands via the
membraneCLI and make network requests via themembrane requestproxy. - Sanitization: Absent; there is no mention of filtering or sanitizing the data fetched from the GiantCampaign API before it is processed by the agent.
Audit Metadata