metricfire
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli package via NPM. This is a known utility provided by the skill author (membranedev) for managing platform integrations.\n- [COMMAND_EXECUTION]: The instructions involve executing various membrane CLI commands to handle authentication, connection management, and data operations. These are standard operational procedures for this vendor's tools.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it retrieves and processes external data from MetricFire.\n
- Ingestion points: Data retrieved through the membrane action run and membrane request commands in SKILL.md.\n
- Boundary markers: None identified in the provided instructions.\n
- Capability inventory: Execution of shell commands via the membrane CLI and the ability to perform network requests.\n
- Sanitization: No specific sanitization or validation logic is defined for the external data being processed.
Audit Metadata