Skills
skills/membranedev/application-skills/gift-up/Gen Agent Trust Hub

gift-up

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the membrane CLI to perform administrative tasks, manage connections, and execute actions against the Gift Up! API.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @membranehq/cli package, a vendor-provided tool required for the skill's functionality.
  • [PROMPT_INJECTION]: The skill processes external data retrieved from the Gift Up! API, creating a surface for indirect prompt injection where malicious instructions in the data could influence agent behavior.
  • Ingestion points: API responses from actions such as list-items, get-gift-card, and list-gift-cards defined in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are specified for the ingested data.
  • Capability inventory: The skill possesses state-changing capabilities, including void-gift-card, redeem-gift-card, and arbitrary membrane request execution.
  • Sanitization: No sanitization or validation logic is defined for the content returned by the Gift Up! service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 08:45 PM