Skills
skills/membranedev/application-skills/journey/Gen Agent Trust Hub

journey

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the membrane CLI tool to perform authentication (membrane login), discover connectors (membrane search), and execute specific API actions (membrane action run). These are standard operations for interacting with the Membrane platform.
  • [EXTERNAL_DOWNLOADS]: The instructions guide the user to install @membranehq/cli via npm. This is an official package maintained by the skill's author (Membrane) and is required for the skill's functionality.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists as the skill processes external data.
  • Ingestion points: Data is retrieved from the Journey API through membrane action run and membrane request commands (SKILL.md).
  • Boundary markers: Absent; the instructions do not specify delimiters to separate untrusted API data from agent instructions.
  • Capability inventory: The agent can execute shell commands via the CLI and make proxied network requests.
  • Sanitization: Absent; the skill does not describe any validation or sanitization logic for data returned from the external service.
  • [SAFE]: There is a documentation link mismatch where the 'Official docs' point to TripAdvisor (https://developers.tripadvisor.com/home/) while the skill describes a journaling app. This appears to be a documentation error rather than a malicious redirection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 01:20 AM