launch27
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package from the NPM registry. This tool is provided by the skill's vendor to facilitate secure API interaction.
- [COMMAND_EXECUTION]: The skill uses shell commands through the membrane CLI to manage authentication, connection state, and to execute actions against the Launch27 API.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Launch27 service, which creates a surface for indirect prompt injection. 1. Ingestion points: Data retrieved via action run and proxy request commands in SKILL.md. 2. Boundary markers: No delimiters are used to separate ingested API data from agent instructions. 3. Capability inventory: The agent has access to execute shell commands via the membrane CLI. 4. Sanitization: No explicit validation or filtering of external data is described.
Audit Metadata