haravan
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the npm registry, a well-known service. The package is the official tool provided by the vendor to facilitate integration and is used according to standard development practices.
- [COMMAND_EXECUTION]: The skill uses local shell commands to execute the Membrane CLI for data management, authentication, and interaction with the Haravan integration.
- [DATA_EXFILTRATION]: API requests to Haravan are routed through the Membrane proxy service. This architecture is designed to manage authentication tokens and credentials server-side, reducing the risk of exposing sensitive data in the local environment.
- [PROMPT_INJECTION]: Data ingested from Haravan API responses and Membrane CLI outputs represents a surface for indirect prompt injection. 1. Ingestion points: membrane action list and membrane request outputs in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution of the membrane CLI for network operations and data retrieval. 4. Sanitization: Not explicitly defined in the skill instructions for processing external outputs.
Audit Metadata