helpdocs
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses a managed connection model for HelpDocs authentication, which prevents the need for hardcoded API keys or secrets in the prompt or environment.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli npm package and uses npx to execute it; these are verified tools provided by the skill's author to ensure secure API interactions.
- [PROMPT_INJECTION]: The skill processes documentation data from HelpDocs, representing a potential surface for indirect prompt injection. 1. Ingestion points: Data is fetched via 'membrane action run' and 'membrane request' commands. 2. Boundary markers: The instructions do not define specific delimiters to isolate external content from agent instructions. 3. Capability inventory: The skill enables the agent to execute shell commands (via the CLI) and perform network requests (via the proxy). 4. Sanitization: No specific sanitization or filtering of ingested data is mentioned in the skill definition.
Audit Metadata