grist

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to perform various operations including searching for connectors, managing connections, and executing API actions against Grist.
  • [EXTERNAL_DOWNLOADS]: Instructs the user to install the @membranehq/cli package globally via npm. This package is the official tool provided by the skill's author to facilitate secure communication with external services.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it retrieves and processes data from external Grist tables and documents.
      • Ingestion points: Data enters the agent's context through actions like list-records, run-sql-query, and get-document described in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted data from agent instructions.
      • Capability inventory: The skill possesses significant capabilities through the membrane CLI, including the ability to create, update, and delete records, tables, and workspaces.
      • Sanitization: No sanitization or validation logic is specified for the data retrieved from Grist before it is interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 09:08 AM