helium
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the official npm registry to interact with the Membrane platform.
- [COMMAND_EXECUTION]: The skill executes various shell commands via the membrane CLI to perform resource discovery, manage connections, and interact with Helium API endpoints.
- [PROMPT_INJECTION]: The skill processes data from external Helium API responses, creating a surface for indirect prompt injection.
- Ingestion points: Command output from membrane action run and membrane request (SKILL.md).
- Boundary markers: No specific delimiters or boundary markers are used to isolate external data from instructions.
- Capability inventory: The skill can execute shell commands through the membrane CLI, which could be abused if malicious data is interpreted as instructions.
- Sanitization: No documented sanitization or validation of the external API content is performed.
Audit Metadata