logit-io
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data retrieved from Logit.io (logs, metrics, and events) which can originate from untrusted external sources.\n
- Ingestion points: Data entering the context via
membrane action runandmembrane requestcommands in SKILL.md.\n - Boundary markers: Absent; there are no instructions or delimiters defined to distinguish Logit.io data from agent instructions.\n
- Capability inventory: The skill can execute network requests, modify data, and run actions across the Membrane platform.\n
- Sanitization: Absent; no validation or escaping of ingested log content is performed before processing.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This is an official utility provided by the skill's authoring organization (Membrane).\n- [COMMAND_EXECUTION]: The instructions rely on the execution of themembraneCLI for authentication, action discovery, and API interaction. These commands flow through the local shell environment.\n- [METADATA_POISONING]: TheLogit.io Overviewsection contains an excessively long and repetitive list of items (e.g., hundreds of variations of 'Security Finding Remediation Task'). This serves as context bloat, consuming significant token space without providing proportional functional value.
Audit Metadata