hiveage
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external Hiveage accounts, such as invoice descriptions and contact details. This data enters the agent context and could contain malicious instructions. The skill possesses write capabilities (create, update, delete actions) which could be targeted by such an injection. No specific boundary markers or data sanitization steps are outlined in the instructions.\n- [COMMAND_EXECUTION]: The skill requires the execution of shell commands using the membrane CLI and npm for setup and API interaction.\n- [EXTERNAL_DOWNLOADS]: The setup instructions involve downloading the @membranehq/cli package from the official NPM registry.
Audit Metadata