Skills
skills/membranedev/application-skills/ihomefinder/Gen Agent Trust Hub

ihomefinder

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the membrane CLI to interact with IHomefinder elements. It instructs the agent to execute shell commands for setup, connection management, and running API actions.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli global package. This is the official command-line interface provided by the vendor for managing integrations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external IHomefinder API endpoints.
  • Ingestion points: Commands such as membrane action run and membrane request retrieve listings, subscriber details, and notes from external sources.
  • Boundary markers: The skill does not define specific delimiters or instructions for the agent to ignore potentially malicious content within the retrieved data.
  • Capability inventory: The agent has the ability to execute shell commands and make network requests through the membrane tool.
  • Sanitization: There is no evidence of data sanitization or validation of the content returned from IHomefinder before it is presented to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:40 AM