gleap
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from the official npm registry. This is a utility provided by the vendor to facilitate secure communication with the Membrane platform.
- [COMMAND_EXECUTION]: The integration operates by executing shell commands using the membrane CLI. These commands are necessary for discovering available actions and performing requests to the Gleap API.
- [PROMPT_INJECTION]: The skill processes external data from Gleap, such as bug reports and user comments, which represents an indirect prompt injection surface if the data contains malicious instructions intended to manipulate the agent.
- Ingestion points: Data retrieved from Gleap reports, comments, boards, and tasks.
- Boundary markers: None explicitly defined within the instruction set.
- Capability inventory: The skill possesses the capability to execute shell commands and perform authenticated network requests through the Membrane CLI.
- Sanitization: No explicit sanitization or filtering logic is documented for the incoming Gleap data strings.
Audit Metadata