momo
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the Membrane CLI from the public NPM registry.
- Evidence:
npm install -g @membranehq/cli@latestinSKILL.md. - [COMMAND_EXECUTION]: The skill performs multiple shell operations using the
membranecommand-line tool to manage sessions and data. - Evidence: Commands include
membrane login,membrane connect, andmembrane action run. - [PROMPT_INJECTION]: The skill ingests untrusted data from the MoMo platform, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Retrieves and processes MoMo Records using
membrane action run. - Boundary markers: None identified; record content is processed directly in the agent's context.
- Capability inventory: The skill has the ability to execute shell commands via the CLI and create new actions (
membrane action create). - Sanitization: No validation or sanitization of the retrieved record content is specified before it is used by the agent.
Audit Metadata