humanity
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements secure authentication practices by delegating credential management to the Membrane platform, ensuring that no sensitive API keys or tokens are handled directly by the AI agent or the user in plaintext.
- [COMMAND_EXECUTION]: The instructions involve running the `membrane` CLI to perform actions such as logging in, connecting to services, and executing API calls within the shell environment.
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install the `@membranehq/cli` package from the official NPM registry, which is the standard tool provided by the vendor for this integration.
- [PROMPT_INJECTION]: The skill processes external data from the Humanity platform, creating an ingestion surface for indirect prompt injection.
  * Ingestion points: Data retrieved via `membrane action run` and `membrane request` in SKILL.md.
  * Boundary markers: None present in the instructions to delimit external data.
  * Capability inventory: Execution of shell commands through the `membrane` CLI across the skill.
  * Sanitization: No explicit sanitization or validation of the ingested external content is described.
Audit Metadata