kanbanize
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (
@membranehq/cli) from the NPM registry to facilitate the integration.- [COMMAND_EXECUTION]: Utilizes themembranecommand-line tool for all operations, including authentication, resource discovery, and API interaction.- [PROMPT_INJECTION]: The skill processes external content from Kanbanize (such as card titles, descriptions, and comments) which represents an indirect prompt injection surface. - Ingestion points: External data retrieved from Kanbanize boards, cards, and comments via
membrane action runormembrane request. - Boundary markers: Not specified in the skill instructions.
- Capability inventory: Shell command execution via the
membraneCLI and network requests to the Kanbanize API. - Sanitization: No explicit sanitization or validation of the retrieved data is mentioned before it is processed by the agent.
Audit Metadata