goose
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official Membrane CLI tool (@membranehq/cli) from the public npm registry to manage platform integrations.
- [COMMAND_EXECUTION]: Employs the membrane CLI for administrative tasks such as logging in, searching for connectors, and executing API-linked actions.
- [PROMPT_INJECTION]: Involves potential indirect prompt injection when processing data from the external Goose API.
- Ingestion points: Data returned from action results and proxy requests.
- Boundary markers: None explicitly mentioned in the skill definition.
- Capability inventory: Includes the execution of platform actions and network communication via a proxy.
- Sanitization: No sanitization logic for external API data is described in the provided instructions.
Audit Metadata