maestra
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
membraneCLI to interact with the Maestra API. This is the primary and intended method of operation, utilizing the author's own infrastructure for secure communication. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@membranehq/clinpm package. As a resource owned by the vendor (membranedev), this is considered a safe and standard dependency for the skill's functionality. - [PROMPT_INJECTION]: The skill processes external data from the Maestra API, which represents a potential surface for indirect prompt injection. However, this is inherent to the skill's primary purpose of data integration.
- Ingestion points: Command output from
membrane action listandmembrane requestin SKILL.md. - Boundary markers: Absent in the provided instructions.
- Capability inventory: Shell command execution via the
membraneCLI. - Sanitization: No explicit sanitization of remote data is mentioned in the skill instructions.
Audit Metadata