octolis
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the @membranehq/cli package from the official NPM registry. This tool is provided by the vendor to facilitate secure API communication.
- [COMMAND_EXECUTION]: Uses the membrane CLI to perform operations such as login, connection management, and action execution. These commands are necessary for the skill's primary function of integrating with Octolis.
- [PROMPT_INJECTION]: The skill retrieves customer data from Octolis via API requests, which could contain untrusted content. This represents an indirect prompt injection surface. Data ingestion occurs through the 'membrane action run' and 'membrane request' commands. There are no explicit boundary markers or sanitization steps defined for the processed output, though this is typical for data integration skills.