go-upc

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform multiple shell operations using the membrane CLI, including authentication (membrane login), connection management (membrane connect), and data retrieval (membrane action run). These commands are standard for the intended integration.
  • [EXTERNAL_DOWNLOADS]: The instructions require the installation of the @membranehq/cli package from the npm registry. This is a verified vendor resource associated with the skill author 'membranedev'.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it retrieves and processes action schemas and intents from the Membrane platform to dynamically construct commands.
      • Ingestion points: Output from membrane action list and membrane search (SKILL.md).
      • Boundary markers: Absent; the skill relies on JSON parsing of CLI output.
      • Capability inventory: Subprocess execution via the membrane CLI (SKILL.md).
      • Sanitization: Relies on the CLI's internal validation of parameters and the agent's interpretation of structured JSON schemas.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 08:15 PM