Skills
skills/membranedev/application-skills/jotform/Gen Agent Trust Hub

jotform

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the Membrane CLI from the official npm registry.
  • Evidence: npm install -g @membranehq/cli is used to provide the necessary tooling for the integration.
  • [COMMAND_EXECUTION]: The skill utilizes the membrane command-line utility to perform various tasks.
  • Evidence: Commands such as membrane login, membrane connect, and membrane action run are used to manage authentication and interact with the Jotform API.
  • [DATA_EXFILTRATION]: The skill facilitates the retrieval and management of data from Jotform.
  • Evidence: While the skill reads submissions and form data, it does so through authenticated channels and the intended Jotform API endpoints, with no evidence of unauthorized exfiltration to third-party domains.
  • [PROMPT_INJECTION]: The skill processes external data from Jotform submissions, which represents a potential surface for indirect prompt injection.
  • Ingestion points: list-form-submissions, get-submission (SKILL.md)
  • Boundary markers: Absent
  • Capability inventory: membrane action run, membrane request (SKILL.md)
  • Sanitization: Absent
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 02:53 PM