munity
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the official @membranehq/cli package from the npm registry. This is a vendor-controlled tool used for platform integration.
- [COMMAND_EXECUTION]: The skill uses the membrane CLI to perform login, search for elements, connect to services, and run actions. These commands interact with the user's environment to facilitate the integration.
- [PROMPT_INJECTION]: The skill ingest data from Munity API endpoints via the membrane request and membrane action run commands, creating a surface for indirect prompt injection.
- Ingestion points: Data entering the context from Munity API responses and connector outputs.
- Boundary markers: None present in the instructions to separate untrusted data from agent instructions.
- Capability inventory: Capability to execute shell commands and perform network requests via the membrane CLI.
- Sanitization: No sanitization or validation of the external API data is described in the skill.
Audit Metadata