nulab
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clitool globally using npm. This is a vendor-owned package required for the skill to interact with the Membrane platform. - [COMMAND_EXECUTION]: Extensive documentation is provided for using the
membraneCLI tool to manage project connections, search for actions, and run commands. These operations are standard functionality for the platform's ecosystem. - [DATA_EXFILTRATION]: The skill describes using a proxy command (
membrane request) to communicate with the Nulab API. This traffic is routed through the vendor's infrastructure to handle authentication and header injection securely. - [PROMPT_INJECTION]: As an integration that retrieves data from external project management software, the skill has an indirect prompt injection surface.
- Ingestion points: Nulab API responses ingested via CLI actions and proxy requests.
- Boundary markers: No delimiters or explicit instructions to ignore embedded content are specified in the provided documentation.
- Capability inventory: The skill utilizes the
membraneCLI tool for network communication and action execution. - Sanitization: No specific data validation or sanitization methods for external content are described in the instructions.
Audit Metadata