nationbuilder
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @membranehq/cli Node.js package, a tool used to interface with the Membrane platform.
- [COMMAND_EXECUTION]: Functionality is implemented through membrane CLI commands that perform authenticated requests to the NationBuilder API.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from an external API.
- Ingestion points: Data retrieved from NationBuilder via membrane action run and membrane request commands.
- Boundary markers: Not present; instructions do not define delimiters or ignore instructions for external data.
- Capability inventory: The skill executes shell commands to interact with the external NationBuilder service.
- Sanitization: No evidence of data sanitization or validation of the remote content is provided.
Audit Metadata