momentive
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
@membranehq/clipackage, which is the official command-line interface provided by the vendor. This is installed via npm to facilitate integration tasks. - [COMMAND_EXECUTION]: Several CLI commands are used for legitimate purposes, including authentication (
membrane login), searching for connectors (membrane search), and executing API actions (membrane action run). These commands are scoped to the intended functionality of the skill. - [PROMPT_INJECTION]: The skill contains an interface for processing data from an external API (Momentive), which presents a surface for indirect prompt injection.
- Ingestion points: Data retrieved through
membrane action runandmembrane requestcommands inSKILL.md. - Boundary markers: Not implemented within the skill instructions.
- Capability inventory: File system interactions and network requests performed via the
membraneCLI as documented inSKILL.md. - Sanitization: No explicit sanitization or filtering is described; the skill relies on the underlying platform's security mechanisms.
Audit Metadata