merge-1
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the official Membrane CLI (@membranehq/cli) from the public npm registry, which is a standard procedure for interacting with the Membrane platform.
- [COMMAND_EXECUTION]: The skill utilizes the Membrane CLI to manage authentication, list actions, and execute API requests. These commands are part of the vendor's intended functionality for the integration.
- [PROMPT_INJECTION]: The skill ingests external data from the Merge API via Membrane actions and proxy requests, creating an indirect prompt injection surface. Evidence: 1. Ingestion points: data returned from `membrane action list` and `membrane request` commands. 2. Boundary markers: not present in the instructional snippets. 3. Capability inventory: ability to run arbitrary integration actions and proxy HTTP requests. 4. Sanitization: relies on the underlying Membrane platform's built-in handling of API responses and schema definitions.
Audit Metadata