hive
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues were detected. The skill's functionality aligns with its stated purpose and adheres to security best practices.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official
@membranehq/clitool from the npm registry, which is a trusted resource provided by the vendor. - [PROMPT_INJECTION]: The skill handles untrusted data by retrieving tasks, messages, and comments from Hive, which presents a surface for indirect prompt injection. 1. Ingestion points: Hive tasks and comments retrieved in SKILL.md. 2. Boundary markers: None identified. 3. Capability inventory: Execution of actions and API requests via the
membraneCLI. 4. Sanitization: No specific filtering or escaping of retrieved content is documented.
Audit Metadata