gist

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the installation and use of the @membranehq/cli to perform authentication, connection management, and API requests.
  • [EXTERNAL_DOWNLOADS]: Fetches the vendor-owned @membranehq/cli package from the npm registry during the setup process.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection, as it retrieves and processes data from an external platform.
    • Ingestion points: Data returned from Gist API actions such as list-conversations, list-contacts, and list-campaigns.
    • Boundary markers: None identified in the provided instructions.
    • Capability inventory: Capability to execute shell commands via the CLI, perform network requests, and manage external platform data.
    • Sanitization: No explicit sanitization or filtering of external content is documented.
  • [PROMPT_INJECTION]: There is significant metadata confusion; the description and documentation links refer to GitHub Gists, while the functional actions (campaigns, contacts, etc.) correspond to the Gist customer communication platform. This deceptive metadata could cause an agent to operate under the wrong security context or misinterpret retrieved data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 06:32 AM