kingsumo
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli global package, which is a vendor-owned tool for platform integration.
- [COMMAND_EXECUTION]: Utilizes CLI commands such as membrane login, membrane connect, and membrane action run to perform operations.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface due to ingestion of giveaway and contestant data.
- Ingestion points: list-contestants, get-giveaway, and list-giveaways in SKILL.md.
- Boundary markers: None.
- Capability inventory: membrane action run and membrane request.
- Sanitization: None.
Audit Metadata