kvdb
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/cliNode.js package. This is a legitimate vendor-owned utility necessary for the skill's primary functionality. - [COMMAND_EXECUTION]: The skill uses various
membraneCLI commands to manage database connections and perform API requests. These actions are within the scope of the skill's stated purpose of interacting with KVdb. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes data retrieved from an external database. 1. Ingestion points: Data returned from
membrane action runandmembrane request. 2. Boundary markers: Absent in the provided instructions. 3. Capability inventory: The agent has the ability to execute shell commands and network requests via the CLI. 4. Sanitization: No explicit sanitization or validation of the database content is performed before processing.
Audit Metadata