growsurf
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the npm registry, which is the official command-line tool for the Membrane platform.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform operations such as searching for connectors, establishing connections, and running Growsurf actions.
- [PROMPT_INJECTION]: The skill processes data from external Growsurf API responses (e.g., participant names, referral details) which could contain instructions intended to influence agent behavior. 1. Ingestion points: Data retrieved via list-participants, get-participant, and proxy requests. 2. Boundary markers: No explicit delimiters or warnings are used for processed data. 3. Capability inventory: Command execution and network proxy capabilities via the Membrane CLI. 4. Sanitization: No explicit validation or escaping of external content is described.
Audit Metadata