mobile-text-alerts
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install
@membranehq/clifrom the global NPM registry. This package is an official tool provided by the vendor for managing connections and actions. - [COMMAND_EXECUTION]: Instructions include the use of the
membraneCLI for logging in, connecting to services, and executing API actions. These operations are standard for the skill's stated purpose of interacting with the Mobile Text Alerts platform. - [CREDENTIALS_UNSAFE]: No hardcoded secrets or API keys are present. The skill explicitly guides users to use Membrane's connection management, which handles credentials and token refresh cycles server-side.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from the Mobile Text Alerts API (Ingestion points:
membrane action runandmembrane request). No explicit boundary markers or sanitization logic are defined in the instructions; however, the capabilities are limited to the Membrane CLI environment and represent the core intended functionality of the skill.
Audit Metadata