honeycombio
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The instructions specify installing the '@membranehq/cli' package from npm, which is the official CLI tool provided by the vendor.
- [COMMAND_EXECUTION]: The skill uses several CLI commands ('membrane login', 'membrane search', 'membrane connect', 'membrane action run') to interact with the Membrane platform and Honeycomb.io.
- [PROMPT_INJECTION]: The skill processes external data from Honeycomb.io, creating a surface for indirect prompt injection where untrusted log or metric data could influence the agent's behavior.
  * Ingestion points: Data enters the agent's context through the output of 'membrane action run' and 'membrane request' commands.
  * Boundary markers: The instructions do not define specific delimiters or 'ignore' instructions for the ingested data.
  * Capability inventory: The agent is empowered to execute a range of CLI actions and proxy requests through the Membrane platform.
  * Sanitization: There is no explicit process mentioned for sanitizing or validating the data returned from Honeycomb.io APIs.
Audit Metadata