mews
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the @membranehq/cli package via NPM. This is a legitimate vendor tool used for managing API connections and authentication with the Mews service.
- [COMMAND_EXECUTION]: The skill utilizes membrane CLI commands (login, connect, search, action run, request) to interact with the Mews API. These commands are necessary for the skill's intended functionality and are executed through the vendor's platform.
- [SAFE]: The skill presents an indirect prompt injection surface as it processes data from the Mews PMS. Ingestion points: External Mews data retrieved via CLI commands in SKILL.md. Boundary markers: Not explicitly defined in the prompt instructions. Capability inventory: The skill can execute commands and network requests via the Membrane CLI. Sanitization: Relies on the security architecture of the Membrane connector and platform.
Audit Metadata