medius
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the `@membranehq/cli` package from the npm registry and uses `npx` to execute the latest version of the tool. These are vendor-controlled resources from the Membrane organization.
- [COMMAND_EXECUTION]: The skill relies heavily on the `membrane` command-line interface to perform operations such as logging in, connecting to the service, and running actions. These commands are executed in the local shell environment.
- [PROMPT_INJECTION]: The skill processes data from the Medius API, which introduces a surface for indirect prompt injection.
  - Ingestion points: Data retrieved through `membrane action run` and `membrane request` in SKILL.md is processed by the agent.
  - Boundary markers: Absent. The skill does not implement specific delimiters to isolate external data from instructions.
  - Capability inventory: The agent can execute arbitrary CLI commands using the `membrane` tool as described in SKILL.md.
  - Sanitization: Absent. There is no evidence of data validation or escaping for the content received from the external API.
- [SAFE]: The documentation contains a mismatched URL in the 'Official docs' section, pointing to Oculus developer documentation instead of Medius. This appears to be a documentation error rather than a malicious attempt to deceive, as the destination is a well-known and trusted service.
Audit Metadata