incidentio
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package from npm. This is a legitimate utility provided by the skill's author (membranedev) to manage authentication and API interactions.
- [COMMAND_EXECUTION]: Shell commands using the membrane CLI are used to perform tasks such as authentication, searching for connectors, and executing API actions. These operations are scoped to the user's account and the specific integration.
- [PROMPT_INJECTION]: There is an inherent risk of indirect prompt injection as the skill retrieves and processes data from Incident.io, such as incident descriptions and updates, which may be authored by external users.
  - Ingestion points: Data retrieved via actions like list-incidents, get-incident, and list-incident-updates (SKILL.md).
  - Boundary markers: Absent; there are no specific instructions to the agent to treat retrieved data as untrusted.
  - Capability inventory: The skill has the ability to create and update incidents and perform arbitrary API requests via membrane request (SKILL.md).
  - Sanitization: No sanitization or validation steps are defined for the data retrieved from the external API.
Audit Metadata