gitea
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Mentions the installation of the vendor's CLI tool (@membranehq/cli) from the official npm registry to facilitate API interactions.
- [COMMAND_EXECUTION]: Relies on shell command execution via the membrane CLI for connection management, action execution, and raw API proxying.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: Processes untrusted external data from Gitea repositories, including issue comments, pull request descriptions, and commit messages (SKILL.md).
- Boundary markers: Absent; the instructions do not implement delimiters or warnings to isolate processed repository data from the agent's control logic.
- Capability inventory: Provides extensive modification and destructive capabilities, including deleting repositories (delete-repository), updating repository properties, and making arbitrary authenticated API requests through a proxy (membrane request).
- Sanitization: Absent; there is no specified mechanism for sanitizing or validating the content retrieved from external sources before it is interpreted by the agent.
Audit Metadata