gosquared
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the Membrane CLI (
@membranehq/cli) from the official npm registry. This is a standard requirement for the vendor's ecosystem and targets a well-known package registry. - [COMMAND_EXECUTION]: Uses various shell commands through the
membraneCLI to manage user sessions (membrane login), search for integrations (membrane search), and execute GoSquared API actions (membrane action run). These operations are consistent with the skill's stated purpose of interacting with the GoSquared service. - [PROMPT_INJECTION]: As the skill is designed to retrieve data from GoSquared (e.g., chat messages, person profiles, and event logs), it processes untrusted external data. While this presents a surface for indirect prompt injection, the skill operates within the authenticated context of the Membrane platform which acts as an intermediary for API interactions.
- Ingestion points: GoSquared API via
list-chats,get-chat-messages, andget-personactions. - Boundary markers: Not explicitly defined in the prompt templates.
- Capability inventory: Subprocess execution via
membrane action runandmembrane requestacross all instructions. - Sanitization: Not explicitly documented; the skill relies on the agent's internal handling of tool outputs.
Audit Metadata