kingsumo
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package globally from the NPM registry to facilitate communication with the KingSumo API.
- [COMMAND_EXECUTION]: Uses the membrane command-line utility to perform actions such as logging in, connecting to services, and running API requests. This is the intended functionality of the skill.
- [DATA_EXPOSURE]: Authentication is handled externally through the Membrane platform using a browser-based login flow (membrane login --tenant), which prevents the need for hardcoded secrets or local storage of sensitive API keys within the skill instructions.
- [PROMPT_INJECTION]: No patterns of instruction overriding, safety bypasses, or system prompt extraction were found in the skill content.
- [INDIRECT_PROMPT_INJECTION]: The skill handles data from external sources (giveaway details and contestant lists) which could theoretically contain malicious payloads; however, the risk is mitigated as the skill relies on standard CLI interactions rather than complex prompt interpolation.
Audit Metadata