n8nio
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the @membranehq/cli package via npm. This is a vendor-owned resource (membranedev) used to facilitate the skill's functionality.
- [COMMAND_EXECUTION]: The skill utilizes membrane CLI commands to search for connectors, manage connections, and run n8n.io actions. These commands are standard for the integration and are used as intended.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection where malicious instructions could be embedded in processed data.
- Ingestion points: External data enters the agent context through n8n.io workflow results or project data (SKILL.md).
- Boundary markers: The command examples do not show explicit delimiters or instructions to ignore embedded commands when interpolating data into CLI inputs.
- Capability inventory: The skill can execute actions and make authenticated network requests via the membrane CLI (SKILL.md).
- Sanitization: There is no mention of sanitization or escaping for data used in command arguments like --input.
Audit Metadata