mend
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the '@membranehq/cli' package from npm to enable communication with the Membrane platform. This package is maintained by the skill's author.
- [COMMAND_EXECUTION]: The skill utilizes the 'membrane' CLI tool to perform actions like authentication, connection management, and API execution.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests data from external Mend records (e.g., vulnerability details, comments). 1. Ingestion points: Data entering via 'membrane action run' and 'membrane request'. 2. Boundary markers: No delimiters or ignore instructions are present. 3. Capability inventory: The agent has access to shell commands and network requests via the CLI. 4. Sanitization: No sanitization of Mend-provided content is specified.
Audit Metadata