identitycheck
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This is the official command-line tool for the Membrane platform and is a trusted vendor resource.
- [COMMAND_EXECUTION]: The skill utilizes several membrane CLI commands (login, search, connect, action, run, request) to perform authentication and execute API requests. These commands are part of the intended functionality for interacting with the service.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from external sources.
- Ingestion points: External data is received through membrane action list, membrane action run, and membrane request commands in SKILL.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command templates.
- Capability inventory: The skill has the capability to execute shell commands via the membrane CLI as described in SKILL.md.
- Sanitization: No explicit sanitization or validation of the external API responses is performed before they are returned to the agent context.
Audit Metadata