iterate
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the Membrane CLI via '@membranehq/cli' from the NPM registry. This is a recognized vendor-owned package for this author.
- [COMMAND_EXECUTION]: The skill relies on executing the 'membrane' CLI tool to perform authentication, connection management, and API requests to Iterate. These operations are part of the intended functionality.
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection (Category 8):
- Ingestion points: Data enters the agent context through survey listing and retrieval actions ('list-survey-responses', 'get-survey').
- Boundary markers: None identified in the skill instructions.
- Capability inventory: The skill allows executing actions ('membrane action run') and making arbitrary API requests ('membrane request') which could be influenced by malicious content in survey data.
- Sanitization: No specific sanitization or filtering of external data is mentioned.
Audit Metadata