occasion
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage from npm to enable communication with the Membrane platform. This is a trusted resource provided by the skill author. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to manage connections and execute API actions. These commands are necessary for the skill's functionality and are documented for transparency. - [PROMPT_INJECTION]: The skill processes data from the Occasion API, creating a surface for potential indirect prompt injection.
- Ingestion points: External data is fetched using the
membrane action runandmembrane requestcommands as described inSKILL.md. - Boundary markers: No specific delimiters or instructions are implemented to distinguish between API data and agent instructions.
- Capability inventory: The agent can execute CLI commands and make network requests via the
membranetool (SKILL.md). - Sanitization: No sanitization or validation of the retrieved API data is specified in the skill configuration.
Audit Metadata