mindspun
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends the installation of the
@membranehq/clipackage, which is the vendor's official tool for managing connections and actions. - [SAFE]: Instructions explicitly advise against asking users for API keys or tokens, instead directing them to use Membrane's secure connection management system.
- [COMMAND_EXECUTION]: Utilizes specific CLI commands (
membrane login,membrane connect,membrane action run) for its intended purpose of interacting with the Mindspun API. - [PROMPT_INJECTION]: The skill processes data from the Mindspun API, which represents an indirect prompt injection surface. Ingestion points: Data is received via
membrane action runandmembrane requestcommands. Boundary markers: No specific delimiters or safety instructions for handling external data are provided in the skill text. Capability inventory: The skill has the ability to make further network requests and execute actions via the CLI. Sanitization: No explicit sanitization or validation of the retrieved data is mentioned.
Audit Metadata