google-sheets
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the
@membranehq/clipackage via npm. This is a verified tool belonging to the skill's author (membranedev) used for managing the integration lifecycle. - [COMMAND_EXECUTION]: The skill utilizes the
membraneCLI for operational tasks such as account authentication (membrane login), connection management (membrane connect), and executing spreadsheet actions (membrane action run). These commands are standard for the intended functionality of the integration. - [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it reads data from external Google Sheets. If a spreadsheet contains malicious instructions, they could be ingested by the agent. However, this is an inherent property of any data-retrieval skill and is documented here as a functional surface rather than a direct threat.
Audit Metadata