onethread
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references the installation of the @membranehq/cli package, which is the official command-line interface for the Membrane platform.
- [PROMPT_INJECTION]: The skill provides a mechanism to ingest and process external data from Onethread (e.g., messages and user details), which constitutes a potential surface for indirect prompt injection.
- Ingestion points: Data retrieved from Onethread endpoints via membrane action run or membrane request.
- Boundary markers: No explicit delimiters or instructions for the agent to treat the external content as untrusted are defined in the SKILL.md.
- Capability inventory: The agent can perform network requests and execute commands using the membrane CLI tool.
- Sanitization: The skill does not specify explicit sanitization logic for data retrieved from Onethread.
Audit Metadata