kooomo
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This package is the official command-line interface for the Membrane platform, which is the author's own service.\n- [COMMAND_EXECUTION]: The skill utilizes themembraneCLI to perform operations such as authentication, searching for elements, managing connections, and executing actions or API requests. These commands are necessary for the skill's intended functionality of interacting with the Kooomo platform.\n- [PROMPT_INJECTION]: The skill interacts with external data from the Kooomo platform, which represents a surface for indirect prompt injection. This is a common characteristic of API integrations and is managed through the platform's proxy.\n - Ingestion points: Data returned from
membrane action runormembrane requestcommands in SKILL.md.\n - Boundary markers: No specific delimiters are included for processing API data.\n
- Capability inventory: Access to the user's shell for executing
membraneCLI commands.\n - Sanitization: The skill does not describe specific sanitization steps for the data received from external endpoints.
Audit Metadata