knot-api
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill utilizes the official @membranehq/cli tool for all operations.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the official Membrane CLI via npm (@membranehq/cli), which is an expected dependency for the author's platform.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to interact with the Knot API. These commands are used for legitimate purposes such as searching for actions, running actions, and making proxy requests.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill reads data from the Knot API which could contain instructions intended to influence the agent. Ingestion points: API responses from Knot records, guests, and sessions. Boundary markers: None specified. Capability inventory: Commands like action run and request allow state-changing operations on the API. Sanitization: Handled by platform-level guardrails.
Audit Metadata