libraria
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the `@membranehq/cli` NPM package globally. This is a legitimate utility provided by the skill's vendor (Membrane) to facilitate platform interaction.
- [COMMAND_EXECUTION]: The skill heavily relies on executing `membrane` CLI commands to perform operations like logging in, connecting to connectors, listing actions, and running those actions. It also uses `membrane request` to proxy direct API calls to Libraria.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection vulnerabilities as it processes external content from Libraria documents (books, journals, and scraped URLs).
  - Ingestion points: Libraria documents are added via URL scraping or raw text in the `add-document` action and read via the `query-library` action.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: The skill has the ability to execute shell commands (`membrane action run`, `membrane request`) which could be manipulated if an attacker can inject instructions into the documents being queried.
  - Sanitization: No sanitization or validation of the document content is described in the integration logic.
Audit Metadata