mabl
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage globally via npm. This package is the official command-line interface provided by the vendor (membranedev) for interacting with their platform. - [COMMAND_EXECUTION]: The skill utilizes several shell commands via the
membraneCLI to manage connections, discover actions, and execute test runs. These commands are part of the intended functionality for interacting with the Mabl API through the vendor's proxy service. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests and processes data from external sources (Mabl API responses) which are then used to inform subsequent agent actions.
- Ingestion points: Data enters the agent context through the output of
membrane action list,membrane connection list, andmembrane requestcommands as described inSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided instructions.
- Capability inventory: The agent can perform network operations and execute platform actions via
membrane action runandmembrane requestcommands. - Sanitization: No specific sanitization or validation logic for the external API responses is documented within the skill instructions.
Audit Metadata