kosli
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clipackage from the NPM registry. This is an official tool provided by the authoring organization. - [COMMAND_EXECUTION]: The skill utilizes the
membranecommand-line interface to perform various operations, including authentication, connection management, and executing API actions through a proxy. - [PROMPT_INJECTION]: The skill is designed to interpolate user-provided search terms (intent) and data payloads directly into shell commands used by the CLI, creating a surface for indirect prompt injection if the inputs are not properly sanitized by the platform.
Audit Metadata