hyros
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands via the `membrane` CLI to perform actions and queries. This is the intended behavior but requires the agent to handle command argument escaping properly.
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `@membranehq/cli` tool from the NPM registry to provide the necessary environment for the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from the Hyros API (such as lead information or sales records) that could contain malicious instructions.
  * Ingestion points: Data retrieved via `membrane action run` and `membrane request` in SKILL.md.
  * Boundary markers: Absent; there are no instructions to use delimiters or treat external data as untrusted.
  * Capability inventory: The skill can execute shell commands and write data back to APIs.
  * Sanitization: Absent; no data validation or escaping is specified for the processed content.
Audit Metadata